38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46f

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 21:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46f.exe
Size

308KB
MD5

09f4ab3a4c66a91401fde2b48e9ce2b1
SHA1

e7f38f78e5f328ca6cb365ed8905f4d1c3a96af1
SHA256

38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46f
SHA512

f0353d0f806985c9a702103eaf4abc6f1fb5f563f52b4b9873b78f193c9e39bffd01a5ec608b1509f680311e337d05e657b3d1b9939fc62de75a34caadc40f46
SSDEEP

3072:zgKA9c7VpkuNEIUewmsdfPrMiZmB1rY59WctHAnp0lf4XEoQrsTTje5NX95B89Li:kKAMVceGdxmvYzW48p0lf4Xi6Ji76zar

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1652	38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46fmgr.exe

Loads dropped DLL 9 IoCs

pid	Process
1084	38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46f.exe
1084	38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46f.exe
848	WerFault.exe
848	WerFault.exe
848	WerFault.exe
848	WerFault.exe
848	WerFault.exe
848	WerFault.exe
848	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
848	1652	WerFault.exe	27

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1084 wrote to memory of 1652	1084	38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46f.exe	27
PID 1084 wrote to memory of 1652	1084	38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46f.exe	27
PID 1084 wrote to memory of 1652	1084	38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46f.exe	27
PID 1084 wrote to memory of 1652	1084	38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46f.exe	27
PID 1652 wrote to memory of 848	1652	38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46fmgr.exe	28
PID 1652 wrote to memory of 848	1652	38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46fmgr.exe	28
PID 1652 wrote to memory of 848	1652	38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46fmgr.exe	28
PID 1652 wrote to memory of 848	1652	38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46fmgr.exe	28

C:\Users\Admin\AppData\Local\Temp\38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46f.exe
"C:\Users\Admin\AppData\Local\Temp\38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Users\Admin\AppData\Local\Temp\38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46fmgr.exe
  C:\Users\Admin\AppData\Local\Temp\38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46fmgr.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1652
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 92
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46fmgr.exe

Filesize
119KB

MD5
82c8f759c35a9cfbeef604c70379b68b

SHA1
8308815603a6e53b41f7ec3fc44dd233e3c2529b

SHA256
65a0952fde14e0d6ae20e5b2c5f0c644a96045cab7c68332896a3098a296d08b

SHA512
60f6a2027967710edbb43f112abcc63ecc67cf5563ef96faa74b2fb3d13a70e4a5b9f595601822e99c265b95b2706c91330c44ec23d2380aba6f33e1edd76c14

Download Submit
\Users\Admin\AppData\Local\Temp\38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46fmgr.exe

Filesize
119KB

MD5
82c8f759c35a9cfbeef604c70379b68b

SHA1
8308815603a6e53b41f7ec3fc44dd233e3c2529b

SHA256
65a0952fde14e0d6ae20e5b2c5f0c644a96045cab7c68332896a3098a296d08b

SHA512
60f6a2027967710edbb43f112abcc63ecc67cf5563ef96faa74b2fb3d13a70e4a5b9f595601822e99c265b95b2706c91330c44ec23d2380aba6f33e1edd76c14

Download Submit
\Users\Admin\AppData\Local\Temp\38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46fmgr.exe

Filesize
119KB

MD5
82c8f759c35a9cfbeef604c70379b68b

SHA1
8308815603a6e53b41f7ec3fc44dd233e3c2529b

SHA256
65a0952fde14e0d6ae20e5b2c5f0c644a96045cab7c68332896a3098a296d08b

SHA512
60f6a2027967710edbb43f112abcc63ecc67cf5563ef96faa74b2fb3d13a70e4a5b9f595601822e99c265b95b2706c91330c44ec23d2380aba6f33e1edd76c14

Download Submit
\Users\Admin\AppData\Local\Temp\38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46fmgr.exe

Filesize
119KB

MD5
82c8f759c35a9cfbeef604c70379b68b

SHA1
8308815603a6e53b41f7ec3fc44dd233e3c2529b

SHA256
65a0952fde14e0d6ae20e5b2c5f0c644a96045cab7c68332896a3098a296d08b

SHA512
60f6a2027967710edbb43f112abcc63ecc67cf5563ef96faa74b2fb3d13a70e4a5b9f595601822e99c265b95b2706c91330c44ec23d2380aba6f33e1edd76c14

Download Submit
\Users\Admin\AppData\Local\Temp\38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46fmgr.exe

Filesize
119KB

MD5
82c8f759c35a9cfbeef604c70379b68b

SHA1
8308815603a6e53b41f7ec3fc44dd233e3c2529b

SHA256
65a0952fde14e0d6ae20e5b2c5f0c644a96045cab7c68332896a3098a296d08b

SHA512
60f6a2027967710edbb43f112abcc63ecc67cf5563ef96faa74b2fb3d13a70e4a5b9f595601822e99c265b95b2706c91330c44ec23d2380aba6f33e1edd76c14

Download Submit
\Users\Admin\AppData\Local\Temp\38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46fmgr.exe

Filesize
119KB

MD5
82c8f759c35a9cfbeef604c70379b68b

SHA1
8308815603a6e53b41f7ec3fc44dd233e3c2529b

SHA256
65a0952fde14e0d6ae20e5b2c5f0c644a96045cab7c68332896a3098a296d08b

SHA512
60f6a2027967710edbb43f112abcc63ecc67cf5563ef96faa74b2fb3d13a70e4a5b9f595601822e99c265b95b2706c91330c44ec23d2380aba6f33e1edd76c14

Download Submit
\Users\Admin\AppData\Local\Temp\38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46fmgr.exe

Filesize
119KB

MD5
82c8f759c35a9cfbeef604c70379b68b

SHA1
8308815603a6e53b41f7ec3fc44dd233e3c2529b

SHA256
65a0952fde14e0d6ae20e5b2c5f0c644a96045cab7c68332896a3098a296d08b

SHA512
60f6a2027967710edbb43f112abcc63ecc67cf5563ef96faa74b2fb3d13a70e4a5b9f595601822e99c265b95b2706c91330c44ec23d2380aba6f33e1edd76c14

Download Submit
\Users\Admin\AppData\Local\Temp\38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46fmgr.exe

Filesize
119KB

MD5
82c8f759c35a9cfbeef604c70379b68b

SHA1
8308815603a6e53b41f7ec3fc44dd233e3c2529b

SHA256
65a0952fde14e0d6ae20e5b2c5f0c644a96045cab7c68332896a3098a296d08b

SHA512
60f6a2027967710edbb43f112abcc63ecc67cf5563ef96faa74b2fb3d13a70e4a5b9f595601822e99c265b95b2706c91330c44ec23d2380aba6f33e1edd76c14

Download Submit
\Users\Admin\AppData\Local\Temp\38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46fmgr.exe

Filesize
119KB

MD5
82c8f759c35a9cfbeef604c70379b68b

SHA1
8308815603a6e53b41f7ec3fc44dd233e3c2529b

SHA256
65a0952fde14e0d6ae20e5b2c5f0c644a96045cab7c68332896a3098a296d08b

SHA512
60f6a2027967710edbb43f112abcc63ecc67cf5563ef96faa74b2fb3d13a70e4a5b9f595601822e99c265b95b2706c91330c44ec23d2380aba6f33e1edd76c14

Download Submit
\Users\Admin\AppData\Local\Temp\38a51a352da1865bd59db243843fde409291becdfd4a3006a098404daddfb46fmgr.exe

Filesize
119KB

MD5
82c8f759c35a9cfbeef604c70379b68b

SHA1
8308815603a6e53b41f7ec3fc44dd233e3c2529b

SHA256
65a0952fde14e0d6ae20e5b2c5f0c644a96045cab7c68332896a3098a296d08b

SHA512
60f6a2027967710edbb43f112abcc63ecc67cf5563ef96faa74b2fb3d13a70e4a5b9f595601822e99c265b95b2706c91330c44ec23d2380aba6f33e1edd76c14

Download Submit
memory/1084-58-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1652-67-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads