Analysis

  • max time kernel
    43s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system
  • submitted
    27-11-2022 10:09

General

  • Target

    bed327106aefbb9915ff6ecdc8a3054ef66c500f3ea536342d021387cc98ac64.exe

  • Size

    106KB

  • MD5

    9dee89fafc4668d9d7eec85ce253c0e1

  • SHA1

    9dc0e87e14131eaafdddc7c1a8cbc0507ba12c81

  • SHA256

    bed327106aefbb9915ff6ecdc8a3054ef66c500f3ea536342d021387cc98ac64

  • SHA512

    27666c861f4a3acd2bde1d6e2fcd1381733c58087db4e6e701e73e59ff2bc23fb3e5ed8671d6ec9c1fca22833696361a75df5b49481504f8e9253c843a4ad919

  • SSDEEP

    1536:qkh9pBESK2vp4DRWZaIOescL3e8xxxFvljWmzhl1p8IwFRlBRT3UbrT8Op2Boj:X9pBzK2Ral21xxx/tVd8I0RlBRTmZB

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bed327106aefbb9915ff6ecdc8a3054ef66c500f3ea536342d021387cc98ac64.exe
    "C:\Users\Admin\AppData\Local\Temp\bed327106aefbb9915ff6ecdc8a3054ef66c500f3ea536342d021387cc98ac64.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 124
      2⤵
      • Program crash
      PID:1312

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1312-54-0x0000000000000000-mapping.dmp