Overview

overview

8

Static

static

b27649115b...20.exe

windows7-x64

3

b27649115b...20.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    2s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 11:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b27649115be95e640340ba9f10a46b16271c4dce86271168cb95d8d889e35820.exe

  • Size

    56KB

  • MD5

    82daf0c646139d8d17bd7f1bf8f46d05

  • SHA1

    624a1308aea9a34c692e3ed21ead9c961032716f

  • SHA256

    b27649115be95e640340ba9f10a46b16271c4dce86271168cb95d8d889e35820

  • SHA512

    4fd8636fab6a8e5d29259fbc11678c4643e02928c69c6d8894e89f6905e67be720b8b95f89040a7b2755acd23ae8b453f44e018b82045c86a0f1372c525f755b

  • SSDEEP

    1536:VzfWZ03LXeLgwHQmmuUAJ2TtWl8K0CBLJbMlz8N+T:VjkmDYQmmuVlBJQzC+T

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b27649115be95e640340ba9f10a46b16271c4dce86271168cb95d8d889e35820.exe
    "C:\Users\Admin\AppData\Local\Temp\b27649115be95e640340ba9f10a46b16271c4dce86271168cb95d8d889e35820.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 36
      2⤵
      • Program crash
      PID:1100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1100-54-0x0000000000000000-mapping.dmp

    Download