Overview

overview

7

Static

static

7

8609995db3...a0.exe

windows7-x64

3

8609995db3...a0.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    151s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    14-03-2023 05:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8609995db3684d426a0e91beaecc172fab0fa43e1006da16c0ef5ed6beb795a0.exe

  • Size

    4.9MB

  • MD5

    3988b740a776a88f8a3ba9ddfaa6cbb1

  • SHA1

    50758016066c9353b6b0db360fd5ed30cf56a0d8

  • SHA256

    8609995db3684d426a0e91beaecc172fab0fa43e1006da16c0ef5ed6beb795a0

  • SHA512

    cda9e23dbe10ae968715c08dcedcc274248f0c441a60a652d3c923d8ca7edd50adf6a026a43eb34032533440e4f3ecf5b9ee8d03f867bf3dad32cbc53a4c8830

  • SSDEEP

    98304:uxxSruAGbl51kDt/H9bieeN7AaZRdZDHLCh/M6/yVacc/:CSrk31Y1bdeNkaZR/nCh/M6aVaX/

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8609995db3684d426a0e91beaecc172fab0fa43e1006da16c0ef5ed6beb795a0.exe
    "C:\Users\Admin\AppData\Local\Temp\8609995db3684d426a0e91beaecc172fab0fa43e1006da16c0ef5ed6beb795a0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1192
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 212
      2⤵
      • Program crash
      PID:860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1192-54-0x0000000000400000-0x00000000010E3000-memory.dmp
    Filesize

    12.9MB

    Download
  • memory/1192-57-0x0000000000400000-0x00000000010E3000-memory.dmp
    Filesize

    12.9MB

    Download