Analysis

  • max time kernel
    43s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 21:28

General

  • Target

    a641e69413c37a5d45d683f46dbd7d0b7f55a7544d7bccbdc508546de0df06c8.exe

  • Size

    75KB

  • MD5

    4458da4dd409fbd1cc1623f023e6d060

  • SHA1

    677de8246f75c24a6e54ced3d3420be96d9053f6

  • SHA256

    a641e69413c37a5d45d683f46dbd7d0b7f55a7544d7bccbdc508546de0df06c8

  • SHA512

    28cbd978418775507bc0ff54be00ed85356376d5a139107827b203d99edc714ffdc0b237c94eacdef0064d1d68e5a34fb29fcf72d3bd800cad5351870ee12e1e

  • SSDEEP

    1536:q2ovFZgnKEACw3i9pdd0GktwQUyMa6LawzHXFOzTm4I9f7jo4y:qZkKEACHXdhkiQU3wwzH1OY9f7ly

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a641e69413c37a5d45d683f46dbd7d0b7f55a7544d7bccbdc508546de0df06c8.exe
    "C:\Users\Admin\AppData\Local\Temp\a641e69413c37a5d45d683f46dbd7d0b7f55a7544d7bccbdc508546de0df06c8.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 200
      2⤵
      • Program crash
      PID:1160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1160-55-0x0000000000000000-mapping.dmp

  • memory/1720-54-0x00000000765B1000-0x00000000765B3000-memory.dmp

    Filesize

    8KB

  • memory/1720-56-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB