Analysis

  • max time kernel
    181s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
  • submitted
    23-11-2022 18:37

General

  • Target

    bf45c1118978f464635f20b0ac564a816c100a446a9b0ab198bfbc8370ed7c43.exe

  • Size

    814KB

  • MD5

    441594e30e5c805cfcb0dd55afca170a

  • SHA1

    6d38d27c2516bfe447d0b951d92b8c2219b8e0ff

  • SHA256

    bf45c1118978f464635f20b0ac564a816c100a446a9b0ab198bfbc8370ed7c43

  • SHA512

    ec81a86d3e4c72dce44d65b1ec1fe72f73d0d2d0404bfd7bf5d01d7e8708e263bd6f8b14e98f1cd2bc449862d2795d2f212a21b487458485f6107ccb878c3871

  • SSDEEP

    12288:kqn6Lm4kx8tbf58Xc/jYfN3UQ9QUfISIRzoQZwTaFdGz:k+6SDx8tCXX1EQ91icdGY

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf45c1118978f464635f20b0ac564a816c100a446a9b0ab198bfbc8370ed7c43.exe
    "C:\Users\Admin\AppData\Local\Temp\bf45c1118978f464635f20b0ac564a816c100a446a9b0ab198bfbc8370ed7c43.exe"
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 212
      • Program crash
      PID:1740

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1740-56-0x0000000000000000-mapping.dmp

  • memory/2044-54-0x0000000075E61000-0x0000000075E63000-memory.dmp

    Filesize

    8KB

  • memory/2044-55-0x0000000000C30000-0x0000000000CD9000-memory.dmp

    Filesize

    676KB

  • memory/2044-57-0x0000000000C30000-0x0000000000CD9000-memory.dmp

    Filesize

    676KB