Analysis

  • max time kernel
    340s
  • max time network
    354s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/12/2022, 15:38

General

  • Target

    cf4cca2625d7346d0285eebfde1f518846ea7a10c9dbd598fd3b084543c019bc.exe

  • Size

    613KB

  • MD5

    571c5c70a7f1a5402e9e28d6e0cc16e7

  • SHA1

    1cc8724098dd02a0452ea7e91de1dec9db61f189

  • SHA256

    cf4cca2625d7346d0285eebfde1f518846ea7a10c9dbd598fd3b084543c019bc

  • SHA512

    91d09e259651c5b24ca8324ef6312b65ad8b2fea3cf9418363210381f1e794087f3bdf8e4478478366ef339242c1c12537dd4f0eefe5ad2fba698d5b938f479a

  • SSDEEP

    12288:ka8zKTLPe75vXUgRFg2vVrUD85/GMeWuq/Sp5vT4ERnyhi/FaI0zZbl+08kDtV:ka8zKTL275vXUgRFNoY+Lq/SzT/hNYZj

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cf4cca2625d7346d0285eebfde1f518846ea7a10c9dbd598fd3b084543c019bc.exe
    "C:\Users\Admin\AppData\Local\Temp\cf4cca2625d7346d0285eebfde1f518846ea7a10c9dbd598fd3b084543c019bc.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4292
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 408
      2⤵
      • Program crash
      PID:856
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 408
      2⤵
      • Program crash
      PID:2360
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4292 -ip 4292
    1⤵
      PID:1784

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads