Analysis
-
max time kernel
42s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
09-02-2023 05:40
General
-
Target
013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82.exe
-
Size
5.0MB
-
MD5
d85977e42b3104b4f170d38d205fa245
-
SHA1
f8c9a471cb588af86fe7df261fde4fb7e23fec0d
-
SHA256
013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82
-
SHA512
34df13c448374690aa8e5001b398c16c6be26d782fe31dc8bb1e14baacb395770ef8207a9512c87c4e6c84e37987c91228cd08e7f1e5c604cbe889788133cfef
-
SSDEEP
98304:IzoGZR6vxb0pbLnVcDtZmIwMFFpqqq4V1sdSHNl0H/MqzDpNhHiA8aQpnZS2c:I0VpIFcxZ53qqq+sdUl69NdiApiE2
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82.exe"C:\Users\Admin\AppData\Local\Temp\013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122882⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 6002⤵
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1220-57-0x0000000000000000-mapping.dmp
-
memory/1488-54-0x0000000074AB1000-0x0000000074AB3000-memory.dmpFilesize
8KB
-
memory/1732-55-0x0000000000000000-mapping.dmp
-
memory/1732-56-0x000007FEFB6D1000-0x000007FEFB6D3000-memory.dmpFilesize
8KB