Analysis
-
max time kernel
40s -
max time network
30s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
26-03-2023 10:08
Static task
static1
Behavioral task
behavioral1
Sample
8a1aefc.exe
Resource
win7-20230220-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
8a1aefc.exe
Resource
win10v2004-20230221-en
6 signatures
150 seconds
General
-
Target
8a1aefc.exe
-
Size
729KB
-
MD5
ab910af97f58303c92c89331b3573211
-
SHA1
84bd15105f9a60fdb63831e631a2ae7ea2ad6b12
-
SHA256
db693a6e2d410779dd0406e72d770fc10e682442658eec302b9254ff1f708727
-
SHA512
6469793738cb9f7cb8ec5b3529add7cf4e557a66559f9c3d6de3c8d72fa69204fa8f7d9b09c1e8f0fd7f0ccdb6dc243783737ff6f1d29136e5416604d8ea58a6
-
SSDEEP
12288:D4b4eMrbvbVqjEHsAGM6us7Fg5D+O0UZ0CDzc5IKBtxRvK/sp5:F+GsAxs7iDhF6CXcHI/s
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 1188 1716 WerFault.exe 8a1aefc.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
8a1aefc.exedescription pid process target process PID 1716 wrote to memory of 1188 1716 8a1aefc.exe WerFault.exe PID 1716 wrote to memory of 1188 1716 8a1aefc.exe WerFault.exe PID 1716 wrote to memory of 1188 1716 8a1aefc.exe WerFault.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1716-54-0x00000000001A0000-0x000000000025A000-memory.dmpFilesize
744KB