Analysis

  • max time kernel
    40s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
  • submitted
    26-03-2023 10:08

General

  • Target

    8a1aefc.exe

  • Size

    729KB

  • MD5

    ab910af97f58303c92c89331b3573211

  • SHA1

    84bd15105f9a60fdb63831e631a2ae7ea2ad6b12

  • SHA256

    db693a6e2d410779dd0406e72d770fc10e682442658eec302b9254ff1f708727

  • SHA512

    6469793738cb9f7cb8ec5b3529add7cf4e557a66559f9c3d6de3c8d72fa69204fa8f7d9b09c1e8f0fd7f0ccdb6dc243783737ff6f1d29136e5416604d8ea58a6

  • SSDEEP

    12288:D4b4eMrbvbVqjEHsAGM6us7Fg5D+O0UZ0CDzc5IKBtxRvK/sp5:F+GsAxs7iDhF6CXcHI/s

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a1aefc.exe
    "C:\Users\Admin\AppData\Local\Temp\8a1aefc.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1716 -s 520
      2⤵
      • Program crash
      PID:1188

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1716-54-0x00000000001A0000-0x000000000025A000-memory.dmp
    Filesize

    744KB