Analysis

  • max time kernel
    16s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
  • submitted
    23-11-2022 09:05

General

  • Target

    de11de4a7ec252e3be49ddd6772081a475b0d66fd1265ba620f62a469fccd5d6.exe

  • Size

    388KB

  • MD5

    5e549ccc733167f10a672e056557a0b2

  • SHA1

    1ebf2139e04428e01613bae45eafb6bc363bfc93

  • SHA256

    de11de4a7ec252e3be49ddd6772081a475b0d66fd1265ba620f62a469fccd5d6

  • SHA512

    8f29ccf6451f3ee85ceb562e62d74fbbfacf034ed055dd5f192c9fdfd2374b4409d8848c764bb71d4b68a72a17fac7f1f73a38a1cbab44afdabfa69361157656

  • SSDEEP

    3072:e2voeN+jaiG17Ef5KlrKnBZ59oZSmveDlcjIV8jlwIFU+V4EFFCcll3H3rH3XD7U:ZQeNai17Y56rKnBfWhveajzxwIFU

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\de11de4a7ec252e3be49ddd6772081a475b0d66fd1265ba620f62a469fccd5d6.exe
    "C:\Users\Admin\AppData\Local\Temp\de11de4a7ec252e3be49ddd6772081a475b0d66fd1265ba620f62a469fccd5d6.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1552
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 100
      2⤵
      • Program crash
      PID:932

Network

MITRE ATT&CK Matrix

Downloads

  • memory/932-54-0x0000000000000000-mapping.dmp