Analysis
-
max time kernel
194s -
max time network
225s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
25-11-2022 19:31
General
-
Target
fab9804ce4eb14e87105e8d366327c544a7f3dae0a78c49344f2a8a1df7b5931.exe
-
Size
152KB
-
MD5
aa4a68e654ddbd11497236f99476d200
-
SHA1
f5710f17110c64a67aaf71c13d75bd947ecf0d78
-
SHA256
fab9804ce4eb14e87105e8d366327c544a7f3dae0a78c49344f2a8a1df7b5931
-
SHA512
c6894e52b667c2f6d9cd9f8168a392060bb3b1f89643cef03172b20d3536076adc7f94b9ee59bfd5bda5c7c347f7f45becfc634d8c45df3c1b788e05e5f73652
-
SSDEEP
1536:c1DMz1DQvXLq6t7awFONecenlLnQHIG5R9c73P600t:9eGw9A0rC00t
Score
3/10
Malware Config
Signatures
-
Program crash 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fab9804ce4eb14e87105e8d366327c544a7f3dae0a78c49344f2a8a1df7b5931.exe"C:\Users\Admin\AppData\Local\Temp\fab9804ce4eb14e87105e8d366327c544a7f3dae0a78c49344f2a8a1df7b5931.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 4642⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 4642⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1752 -ip 17521⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4000-134-0x0000000000000000-mapping.dmp