Analysis

  • max time kernel
    155s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 16:55

General

  • Target

    39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe

  • Size

    1020KB

  • MD5

    4565d0318c38be9d62247d439fc1db70

  • SHA1

    49f5d9b5b3274940c9b19ca14a65e73045139309

  • SHA256

    39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c

  • SHA512

    b9dda4f71fd810c211a05370d3e90808ec0edfb5af2d2e8a2261830365acf5a357e4e140af15ae337109073d1a917016186465f8ac75f8a835530b0e8d33b401

  • SSDEEP

    3072:CVSJfUMjGtt01aOv5vvWE0B4/9LwRxU68sDA1Aoch/NDIsQZOxkAHoqY+UkOMOFn:CVCnXv5vulBY9o9DWGJRW8Ihzo0naG9

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe
    "C:\Users\Admin\AppData\Local\Temp\39d85d1ca10b8d14633c0db535fb99c903ec9e613ed2414f0bdad6e816bbef6c.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4948
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 408
      2⤵
      • Program crash
      PID:2568
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 408
      2⤵
      • Program crash
      PID:456
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4948 -ip 4948
    1⤵
      PID:1264

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2568-133-0x0000000000000000-mapping.dmp

    • memory/4948-132-0x0000000000400000-0x0000000000500000-memory.dmp

      Filesize

      1024KB