a4f27c838b20da23bf842c100aa68baf89ec9e7326178b3ca35374f3760ece17

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30/11/2022, 23:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4f27c838b20da23bf842c100aa68baf89ec9e7326178b3ca35374f3760ece17.exe
Size

25KB
MD5

8294c4ee47d25eff30fddc0e62967e83
SHA1

b62ca20da8081937794824bd9357e3d2f06d472f
SHA256

a4f27c838b20da23bf842c100aa68baf89ec9e7326178b3ca35374f3760ece17
SHA512

2ce05e87b14d6b85a8c2c32462d29b5b79c8a739b5514fb0522cd7854826bd45dcd26b7530ded5eac3420e6624cd2a1a7b3612b04a4a2462bd95780fac9bf2e6
SSDEEP

384:kBETCy6xJrJ577uGdqntN0rR7BMsC09Tq/59j5bKPGW1vx:ki1wFV4ntQR7qsJ9Ta59tKuWhx

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1056	1816	WerFault.exe	26

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	a4f27c838b20da23bf842c100aa68baf89ec9e7326178b3ca35374f3760ece17.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1816 wrote to memory of 1056	1816	a4f27c838b20da23bf842c100aa68baf89ec9e7326178b3ca35374f3760ece17.exe	27
PID 1816 wrote to memory of 1056	1816	a4f27c838b20da23bf842c100aa68baf89ec9e7326178b3ca35374f3760ece17.exe	27
PID 1816 wrote to memory of 1056	1816	a4f27c838b20da23bf842c100aa68baf89ec9e7326178b3ca35374f3760ece17.exe	27
PID 1816 wrote to memory of 1056	1816	a4f27c838b20da23bf842c100aa68baf89ec9e7326178b3ca35374f3760ece17.exe	27

C:\Users\Admin\AppData\Local\Temp\a4f27c838b20da23bf842c100aa68baf89ec9e7326178b3ca35374f3760ece17.exe
"C:\Users\Admin\AppData\Local\Temp\a4f27c838b20da23bf842c100aa68baf89ec9e7326178b3ca35374f3760ece17.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:1816
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 172
  2⤵
  - Program crash
  PID:1056

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1816-54-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download