b7d275b3bd2e9f4c9df27dec4131990cf334241b92157c9b7cb4e1796f132e2a

Analysis

max time kernel
73s
max time network
85s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 09:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7d275b3bd2e9f4c9df27dec4131990cf334241b92157c9b7cb4e1796f132e2a.exe
Size

129KB
MD5

f34d6043f68bebe820e7d433afa036f9
SHA1

6799b116086add8a2904a29a834c79b3628ed01b
SHA256

b7d275b3bd2e9f4c9df27dec4131990cf334241b92157c9b7cb4e1796f132e2a
SHA512

0c3b8875bd0ddbb4666dbc5bb77b036cbe89b98553cb8fb0e7d6163b9081851c495bc580311a6d291a2cf4773a39e4bcd4e5182ad04a59d2a036c82adb4597a4
SSDEEP

3072:HTDTqoivk9IkwYURuXSz6MDh9J2dK0+LR+FmwNy6z:zHo7Rp6W70+sFmwo6z

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
936	File1.exe
2036	File2.exe

Loads dropped DLL 14 IoCs

pid	Process
1364	b7d275b3bd2e9f4c9df27dec4131990cf334241b92157c9b7cb4e1796f132e2a.exe
1364	b7d275b3bd2e9f4c9df27dec4131990cf334241b92157c9b7cb4e1796f132e2a.exe
1320	WerFault.exe
1320	WerFault.exe
1320	WerFault.exe
1320	WerFault.exe
1320	WerFault.exe
1364	b7d275b3bd2e9f4c9df27dec4131990cf334241b92157c9b7cb4e1796f132e2a.exe
1364	b7d275b3bd2e9f4c9df27dec4131990cf334241b92157c9b7cb4e1796f132e2a.exe
1760	WerFault.exe
1760	WerFault.exe
1760	WerFault.exe
1760	WerFault.exe
1760	WerFault.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1320	936	WerFault.exe	27
1760	2036	WerFault.exe	29

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1364	b7d275b3bd2e9f4c9df27dec4131990cf334241b92157c9b7cb4e1796f132e2a.exe
936	File1.exe
2036	File2.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 936	1364	b7d275b3bd2e9f4c9df27dec4131990cf334241b92157c9b7cb4e1796f132e2a.exe	27
PID 1364 wrote to memory of 936	1364	b7d275b3bd2e9f4c9df27dec4131990cf334241b92157c9b7cb4e1796f132e2a.exe	27
PID 1364 wrote to memory of 936	1364	b7d275b3bd2e9f4c9df27dec4131990cf334241b92157c9b7cb4e1796f132e2a.exe	27
PID 1364 wrote to memory of 936	1364	b7d275b3bd2e9f4c9df27dec4131990cf334241b92157c9b7cb4e1796f132e2a.exe	27
PID 936 wrote to memory of 1320	936	File1.exe	28
PID 936 wrote to memory of 1320	936	File1.exe	28
PID 936 wrote to memory of 1320	936	File1.exe	28
PID 936 wrote to memory of 1320	936	File1.exe	28
PID 1364 wrote to memory of 2036	1364	b7d275b3bd2e9f4c9df27dec4131990cf334241b92157c9b7cb4e1796f132e2a.exe	29
PID 1364 wrote to memory of 2036	1364	b7d275b3bd2e9f4c9df27dec4131990cf334241b92157c9b7cb4e1796f132e2a.exe	29
PID 1364 wrote to memory of 2036	1364	b7d275b3bd2e9f4c9df27dec4131990cf334241b92157c9b7cb4e1796f132e2a.exe	29
PID 1364 wrote to memory of 2036	1364	b7d275b3bd2e9f4c9df27dec4131990cf334241b92157c9b7cb4e1796f132e2a.exe	29
PID 2036 wrote to memory of 1760	2036	File2.exe	30
PID 2036 wrote to memory of 1760	2036	File2.exe	30
PID 2036 wrote to memory of 1760	2036	File2.exe	30
PID 2036 wrote to memory of 1760	2036	File2.exe	30

C:\Users\Admin\AppData\Local\Temp\b7d275b3bd2e9f4c9df27dec4131990cf334241b92157c9b7cb4e1796f132e2a.exe
"C:\Users\Admin\AppData\Local\Temp\b7d275b3bd2e9f4c9df27dec4131990cf334241b92157c9b7cb4e1796f132e2a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Users\Admin\AppData\Roaming\File1.exe
  C:\Users\Admin\AppData\Roaming\File1.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:936
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 212
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1320
- C:\Users\Admin\AppData\Roaming\File2.exe
  C:\Users\Admin\AppData\Roaming\File2.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2036
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 212
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\File1.exe

Filesize
129KB

MD5
66e8791f95a3955b474e611b992d2b7d

SHA1
98819722dfc903731c2ff9d35541a2988b6a2b72

SHA256
55b46e6e12412c6599920f4f4d2a07147e07fbbe84a4a9e824793c7059844793

SHA512
c125df6250b48ce7a12defe6c0a68d2f70f22aadd2b6ed700f76ada4fda78a8bff8f08bbd14b4681143f56c5d4ef5880998b63022373da7bedaea494f5937322

Download Submit
C:\Users\Admin\AppData\Roaming\File1.exe

Filesize
129KB

MD5
66e8791f95a3955b474e611b992d2b7d

SHA1
98819722dfc903731c2ff9d35541a2988b6a2b72

SHA256
55b46e6e12412c6599920f4f4d2a07147e07fbbe84a4a9e824793c7059844793

SHA512
c125df6250b48ce7a12defe6c0a68d2f70f22aadd2b6ed700f76ada4fda78a8bff8f08bbd14b4681143f56c5d4ef5880998b63022373da7bedaea494f5937322

Download Submit
C:\Users\Admin\AppData\Roaming\File2.exe

Filesize
129KB

MD5
40a07b508c88b6bf4673a915b4460896

SHA1
d839394f2f0259443abea20f8c20063c3e81b470

SHA256
6a91c03971317345ea81d14e3b9a2cb4605f0d29eef8fff571bb0819b3a46d2a

SHA512
eba6916ad3cfe4ed8fa7e835b0d97970a92335a3e587524dd18e3b78fd50a4b9a6c94789b91e9af74b0fa2cf076af8c59f8e6ce7250a9b96501270697d8708bd

Download Submit
C:\Users\Admin\AppData\Roaming\File2.exe

Filesize
129KB

MD5
40a07b508c88b6bf4673a915b4460896

SHA1
d839394f2f0259443abea20f8c20063c3e81b470

SHA256
6a91c03971317345ea81d14e3b9a2cb4605f0d29eef8fff571bb0819b3a46d2a

SHA512
eba6916ad3cfe4ed8fa7e835b0d97970a92335a3e587524dd18e3b78fd50a4b9a6c94789b91e9af74b0fa2cf076af8c59f8e6ce7250a9b96501270697d8708bd

Download Submit
\Users\Admin\AppData\Roaming\File1.exe

Filesize
129KB

MD5
66e8791f95a3955b474e611b992d2b7d

SHA1
98819722dfc903731c2ff9d35541a2988b6a2b72

SHA256
55b46e6e12412c6599920f4f4d2a07147e07fbbe84a4a9e824793c7059844793

SHA512
c125df6250b48ce7a12defe6c0a68d2f70f22aadd2b6ed700f76ada4fda78a8bff8f08bbd14b4681143f56c5d4ef5880998b63022373da7bedaea494f5937322

Download Submit
\Users\Admin\AppData\Roaming\File1.exe

Filesize
129KB

MD5
66e8791f95a3955b474e611b992d2b7d

SHA1
98819722dfc903731c2ff9d35541a2988b6a2b72

SHA256
55b46e6e12412c6599920f4f4d2a07147e07fbbe84a4a9e824793c7059844793

SHA512
c125df6250b48ce7a12defe6c0a68d2f70f22aadd2b6ed700f76ada4fda78a8bff8f08bbd14b4681143f56c5d4ef5880998b63022373da7bedaea494f5937322

Download Submit
\Users\Admin\AppData\Roaming\File1.exe

Filesize
129KB

MD5
66e8791f95a3955b474e611b992d2b7d

SHA1
98819722dfc903731c2ff9d35541a2988b6a2b72

SHA256
55b46e6e12412c6599920f4f4d2a07147e07fbbe84a4a9e824793c7059844793

SHA512
c125df6250b48ce7a12defe6c0a68d2f70f22aadd2b6ed700f76ada4fda78a8bff8f08bbd14b4681143f56c5d4ef5880998b63022373da7bedaea494f5937322

Download Submit
\Users\Admin\AppData\Roaming\File1.exe

Filesize
129KB

MD5
66e8791f95a3955b474e611b992d2b7d

SHA1
98819722dfc903731c2ff9d35541a2988b6a2b72

SHA256
55b46e6e12412c6599920f4f4d2a07147e07fbbe84a4a9e824793c7059844793

SHA512
c125df6250b48ce7a12defe6c0a68d2f70f22aadd2b6ed700f76ada4fda78a8bff8f08bbd14b4681143f56c5d4ef5880998b63022373da7bedaea494f5937322

Download Submit
\Users\Admin\AppData\Roaming\File1.exe

Filesize
129KB

MD5
66e8791f95a3955b474e611b992d2b7d

SHA1
98819722dfc903731c2ff9d35541a2988b6a2b72

SHA256
55b46e6e12412c6599920f4f4d2a07147e07fbbe84a4a9e824793c7059844793

SHA512
c125df6250b48ce7a12defe6c0a68d2f70f22aadd2b6ed700f76ada4fda78a8bff8f08bbd14b4681143f56c5d4ef5880998b63022373da7bedaea494f5937322

Download Submit
\Users\Admin\AppData\Roaming\File1.exe

Filesize
129KB

MD5
66e8791f95a3955b474e611b992d2b7d

SHA1
98819722dfc903731c2ff9d35541a2988b6a2b72

SHA256
55b46e6e12412c6599920f4f4d2a07147e07fbbe84a4a9e824793c7059844793

SHA512
c125df6250b48ce7a12defe6c0a68d2f70f22aadd2b6ed700f76ada4fda78a8bff8f08bbd14b4681143f56c5d4ef5880998b63022373da7bedaea494f5937322

Download Submit
\Users\Admin\AppData\Roaming\File1.exe

Filesize
129KB

MD5
66e8791f95a3955b474e611b992d2b7d

SHA1
98819722dfc903731c2ff9d35541a2988b6a2b72

SHA256
55b46e6e12412c6599920f4f4d2a07147e07fbbe84a4a9e824793c7059844793

SHA512
c125df6250b48ce7a12defe6c0a68d2f70f22aadd2b6ed700f76ada4fda78a8bff8f08bbd14b4681143f56c5d4ef5880998b63022373da7bedaea494f5937322

Download Submit
\Users\Admin\AppData\Roaming\File2.exe

Filesize
129KB

MD5
40a07b508c88b6bf4673a915b4460896

SHA1
d839394f2f0259443abea20f8c20063c3e81b470

SHA256
6a91c03971317345ea81d14e3b9a2cb4605f0d29eef8fff571bb0819b3a46d2a

SHA512
eba6916ad3cfe4ed8fa7e835b0d97970a92335a3e587524dd18e3b78fd50a4b9a6c94789b91e9af74b0fa2cf076af8c59f8e6ce7250a9b96501270697d8708bd

Download Submit
\Users\Admin\AppData\Roaming\File2.exe

Filesize
129KB

MD5
40a07b508c88b6bf4673a915b4460896

SHA1
d839394f2f0259443abea20f8c20063c3e81b470

SHA256
6a91c03971317345ea81d14e3b9a2cb4605f0d29eef8fff571bb0819b3a46d2a

SHA512
eba6916ad3cfe4ed8fa7e835b0d97970a92335a3e587524dd18e3b78fd50a4b9a6c94789b91e9af74b0fa2cf076af8c59f8e6ce7250a9b96501270697d8708bd

Download Submit
\Users\Admin\AppData\Roaming\File2.exe

Filesize
129KB

MD5
40a07b508c88b6bf4673a915b4460896

SHA1
d839394f2f0259443abea20f8c20063c3e81b470

SHA256
6a91c03971317345ea81d14e3b9a2cb4605f0d29eef8fff571bb0819b3a46d2a

SHA512
eba6916ad3cfe4ed8fa7e835b0d97970a92335a3e587524dd18e3b78fd50a4b9a6c94789b91e9af74b0fa2cf076af8c59f8e6ce7250a9b96501270697d8708bd

Download Submit
\Users\Admin\AppData\Roaming\File2.exe

Filesize
129KB

MD5
40a07b508c88b6bf4673a915b4460896

SHA1
d839394f2f0259443abea20f8c20063c3e81b470

SHA256
6a91c03971317345ea81d14e3b9a2cb4605f0d29eef8fff571bb0819b3a46d2a

SHA512
eba6916ad3cfe4ed8fa7e835b0d97970a92335a3e587524dd18e3b78fd50a4b9a6c94789b91e9af74b0fa2cf076af8c59f8e6ce7250a9b96501270697d8708bd

Download Submit
\Users\Admin\AppData\Roaming\File2.exe

Filesize
129KB

MD5
40a07b508c88b6bf4673a915b4460896

SHA1
d839394f2f0259443abea20f8c20063c3e81b470

SHA256
6a91c03971317345ea81d14e3b9a2cb4605f0d29eef8fff571bb0819b3a46d2a

SHA512
eba6916ad3cfe4ed8fa7e835b0d97970a92335a3e587524dd18e3b78fd50a4b9a6c94789b91e9af74b0fa2cf076af8c59f8e6ce7250a9b96501270697d8708bd

Download Submit
\Users\Admin\AppData\Roaming\File2.exe

Filesize
129KB

MD5
40a07b508c88b6bf4673a915b4460896

SHA1
d839394f2f0259443abea20f8c20063c3e81b470

SHA256
6a91c03971317345ea81d14e3b9a2cb4605f0d29eef8fff571bb0819b3a46d2a

SHA512
eba6916ad3cfe4ed8fa7e835b0d97970a92335a3e587524dd18e3b78fd50a4b9a6c94789b91e9af74b0fa2cf076af8c59f8e6ce7250a9b96501270697d8708bd

Download Submit
\Users\Admin\AppData\Roaming\File2.exe

Filesize
129KB

MD5
40a07b508c88b6bf4673a915b4460896

SHA1
d839394f2f0259443abea20f8c20063c3e81b470

SHA256
6a91c03971317345ea81d14e3b9a2cb4605f0d29eef8fff571bb0819b3a46d2a

SHA512
eba6916ad3cfe4ed8fa7e835b0d97970a92335a3e587524dd18e3b78fd50a4b9a6c94789b91e9af74b0fa2cf076af8c59f8e6ce7250a9b96501270697d8708bd

Download Submit
memory/936-71-0x0000000000400000-0x000000000040E001-memory.dmp

Filesize
56KB

Download
memory/1364-66-0x0000000000310000-0x000000000031F000-memory.dmp

Filesize
60KB

Download
memory/1364-89-0x0000000000310000-0x000000000031F000-memory.dmp

Filesize
60KB

Download
memory/1364-88-0x0000000000310000-0x000000000031F000-memory.dmp

Filesize
60KB

Download
memory/1364-87-0x0000000000310000-0x000000000031F000-memory.dmp

Filesize
60KB

Download
memory/1364-73-0x0000000000400000-0x000000000040E001-memory.dmp

Filesize
56KB

Download
memory/1364-65-0x0000000000310000-0x000000000031F000-memory.dmp

Filesize
60KB

Download
memory/1364-82-0x0000000000310000-0x000000000031F000-memory.dmp

Filesize
60KB

Download
memory/1364-55-0x0000000000400000-0x000000000040E001-memory.dmp

Filesize
56KB

Download
memory/1364-92-0x0000000000400000-0x000000000040E001-memory.dmp

Filesize
56KB

Download
memory/2036-90-0x0000000000400000-0x000000000040E001-memory.dmp

Filesize
56KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads