19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1e

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 16:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1e.exe
Size

810KB
MD5

607fc24e7b4fa69bab6c1c53839a7c15
SHA1

534b8db73692f3a7266271eb26dfaa3e3d7f8c50
SHA256

19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1e
SHA512

7e509c5f81166f6a9605375ff6ecf498a0b620f42f4d495e0683d86f5399296446a07ca37dd0f8a3cadac63e875b6a3a540f257143a031908ffcdb4ac6e1b906
SSDEEP

12288:gRm0OqZQDi02wPW6QIOd4/vqUfcfSpKUy7:K2Dd2g1a+3tfYSpW

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1944	19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1emgr.exe

Loads dropped DLL 11 IoCs

pid	Process
2032	19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1e.exe
2032	19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1e.exe
1756	WerFault.exe
1756	WerFault.exe
1756	WerFault.exe
1756	WerFault.exe
1756	WerFault.exe
1756	WerFault.exe
1756	WerFault.exe
1756	WerFault.exe
1756	WerFault.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2004	2032	WerFault.exe	6
1756	1944	WerFault.exe	28

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 1944	2032	19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1e.exe	28
PID 2032 wrote to memory of 1944	2032	19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1e.exe	28
PID 2032 wrote to memory of 1944	2032	19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1e.exe	28
PID 2032 wrote to memory of 1944	2032	19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1e.exe	28
PID 2032 wrote to memory of 2004	2032	19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1e.exe	29
PID 2032 wrote to memory of 2004	2032	19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1e.exe	29
PID 2032 wrote to memory of 2004	2032	19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1e.exe	29
PID 2032 wrote to memory of 2004	2032	19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1e.exe	29
PID 1944 wrote to memory of 1756	1944	19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1emgr.exe	30
PID 1944 wrote to memory of 1756	1944	19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1emgr.exe	30
PID 1944 wrote to memory of 1756	1944	19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1emgr.exe	30
PID 1944 wrote to memory of 1756	1944	19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1emgr.exe	30

C:\Users\Admin\AppData\Local\Temp\19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1e.exe
"C:\Users\Admin\AppData\Local\Temp\19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Users\Admin\AppData\Local\Temp\19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1emgr.exe
  C:\Users\Admin\AppData\Local\Temp\19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1emgr.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1944
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 156
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1756
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 152
  2⤵
  - Program crash
  PID:2004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1emgr.exe

Filesize
404KB

MD5
3a51be334f3cedd7185130cd60047496

SHA1
5572a04718cffb848ae660713415b8ab95b3ec5c

SHA256
3e6d0b2887dad2ea3845139a31dfc8b8a2923c3f58ae8ba241d1498e1cc7747b

SHA512
ed2dda92f22f1d972508ede37cf6b8cf719e1d53271c2af988fe700e53f4ca0feb7e39712135e1c128f63ebf08ee6a555f35b555243c233afc943a22c9fe5783

Download Submit
\Users\Admin\AppData\Local\Temp\19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1emgr.exe

Filesize
404KB

MD5
3a51be334f3cedd7185130cd60047496

SHA1
5572a04718cffb848ae660713415b8ab95b3ec5c

SHA256
3e6d0b2887dad2ea3845139a31dfc8b8a2923c3f58ae8ba241d1498e1cc7747b

SHA512
ed2dda92f22f1d972508ede37cf6b8cf719e1d53271c2af988fe700e53f4ca0feb7e39712135e1c128f63ebf08ee6a555f35b555243c233afc943a22c9fe5783

Download Submit
\Users\Admin\AppData\Local\Temp\19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1emgr.exe

Filesize
404KB

MD5
3a51be334f3cedd7185130cd60047496

SHA1
5572a04718cffb848ae660713415b8ab95b3ec5c

SHA256
3e6d0b2887dad2ea3845139a31dfc8b8a2923c3f58ae8ba241d1498e1cc7747b

SHA512
ed2dda92f22f1d972508ede37cf6b8cf719e1d53271c2af988fe700e53f4ca0feb7e39712135e1c128f63ebf08ee6a555f35b555243c233afc943a22c9fe5783

Download Submit
\Users\Admin\AppData\Local\Temp\19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1emgr.exe

Filesize
404KB

MD5
3a51be334f3cedd7185130cd60047496

SHA1
5572a04718cffb848ae660713415b8ab95b3ec5c

SHA256
3e6d0b2887dad2ea3845139a31dfc8b8a2923c3f58ae8ba241d1498e1cc7747b

SHA512
ed2dda92f22f1d972508ede37cf6b8cf719e1d53271c2af988fe700e53f4ca0feb7e39712135e1c128f63ebf08ee6a555f35b555243c233afc943a22c9fe5783

Download Submit
\Users\Admin\AppData\Local\Temp\19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1emgr.exe

Filesize
404KB

MD5
3a51be334f3cedd7185130cd60047496

SHA1
5572a04718cffb848ae660713415b8ab95b3ec5c

SHA256
3e6d0b2887dad2ea3845139a31dfc8b8a2923c3f58ae8ba241d1498e1cc7747b

SHA512
ed2dda92f22f1d972508ede37cf6b8cf719e1d53271c2af988fe700e53f4ca0feb7e39712135e1c128f63ebf08ee6a555f35b555243c233afc943a22c9fe5783

Download Submit
\Users\Admin\AppData\Local\Temp\19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1emgr.exe

Filesize
404KB

MD5
3a51be334f3cedd7185130cd60047496

SHA1
5572a04718cffb848ae660713415b8ab95b3ec5c

SHA256
3e6d0b2887dad2ea3845139a31dfc8b8a2923c3f58ae8ba241d1498e1cc7747b

SHA512
ed2dda92f22f1d972508ede37cf6b8cf719e1d53271c2af988fe700e53f4ca0feb7e39712135e1c128f63ebf08ee6a555f35b555243c233afc943a22c9fe5783

Download Submit
\Users\Admin\AppData\Local\Temp\19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1emgr.exe

Filesize
404KB

MD5
3a51be334f3cedd7185130cd60047496

SHA1
5572a04718cffb848ae660713415b8ab95b3ec5c

SHA256
3e6d0b2887dad2ea3845139a31dfc8b8a2923c3f58ae8ba241d1498e1cc7747b

SHA512
ed2dda92f22f1d972508ede37cf6b8cf719e1d53271c2af988fe700e53f4ca0feb7e39712135e1c128f63ebf08ee6a555f35b555243c233afc943a22c9fe5783

Download Submit
\Users\Admin\AppData\Local\Temp\19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1emgr.exe

Filesize
404KB

MD5
3a51be334f3cedd7185130cd60047496

SHA1
5572a04718cffb848ae660713415b8ab95b3ec5c

SHA256
3e6d0b2887dad2ea3845139a31dfc8b8a2923c3f58ae8ba241d1498e1cc7747b

SHA512
ed2dda92f22f1d972508ede37cf6b8cf719e1d53271c2af988fe700e53f4ca0feb7e39712135e1c128f63ebf08ee6a555f35b555243c233afc943a22c9fe5783

Download Submit
\Users\Admin\AppData\Local\Temp\19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1emgr.exe

Filesize
404KB

MD5
3a51be334f3cedd7185130cd60047496

SHA1
5572a04718cffb848ae660713415b8ab95b3ec5c

SHA256
3e6d0b2887dad2ea3845139a31dfc8b8a2923c3f58ae8ba241d1498e1cc7747b

SHA512
ed2dda92f22f1d972508ede37cf6b8cf719e1d53271c2af988fe700e53f4ca0feb7e39712135e1c128f63ebf08ee6a555f35b555243c233afc943a22c9fe5783

Download Submit
\Users\Admin\AppData\Local\Temp\19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1emgr.exe

Filesize
404KB

MD5
3a51be334f3cedd7185130cd60047496

SHA1
5572a04718cffb848ae660713415b8ab95b3ec5c

SHA256
3e6d0b2887dad2ea3845139a31dfc8b8a2923c3f58ae8ba241d1498e1cc7747b

SHA512
ed2dda92f22f1d972508ede37cf6b8cf719e1d53271c2af988fe700e53f4ca0feb7e39712135e1c128f63ebf08ee6a555f35b555243c233afc943a22c9fe5783

Download Submit
\Users\Admin\AppData\Local\Temp\19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1emgr.exe

Filesize
404KB

MD5
3a51be334f3cedd7185130cd60047496

SHA1
5572a04718cffb848ae660713415b8ab95b3ec5c

SHA256
3e6d0b2887dad2ea3845139a31dfc8b8a2923c3f58ae8ba241d1498e1cc7747b

SHA512
ed2dda92f22f1d972508ede37cf6b8cf719e1d53271c2af988fe700e53f4ca0feb7e39712135e1c128f63ebf08ee6a555f35b555243c233afc943a22c9fe5783

Download Submit
\Users\Admin\AppData\Local\Temp\19e5deba49e461a011decdf81cab1e4934cc792909be23cde93fdd3b151d4c1emgr.exe

Filesize
404KB

MD5
3a51be334f3cedd7185130cd60047496

SHA1
5572a04718cffb848ae660713415b8ab95b3ec5c

SHA256
3e6d0b2887dad2ea3845139a31dfc8b8a2923c3f58ae8ba241d1498e1cc7747b

SHA512
ed2dda92f22f1d972508ede37cf6b8cf719e1d53271c2af988fe700e53f4ca0feb7e39712135e1c128f63ebf08ee6a555f35b555243c233afc943a22c9fe5783

Download Submit
memory/1944-72-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/2032-54-0x0000000076031000-0x0000000076033000-memory.dmp

Filesize
8KB

Download
memory/2032-70-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download
memory/2032-71-0x0000000000120000-0x0000000000190000-memory.dmp

Filesize
448KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads