Resubmissions

28/03/2023, 20:45

230328-zj5j8adc69 7

Analysis

  • max time kernel
    140s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
  • submitted
    28/03/2023, 20:45

General

  • Target

    real.exe

  • Size

    10.2MB

  • MD5

    5db31270f13ff653da149f7711ca0e28

  • SHA1

    a5548175212887c0c063e085870c45f2b5bfa31e

  • SHA256

    8a14f77aacbfaa100c9edc4e1fd055e1ab48a64dd49839ab5e84a3b3b5bff78e

  • SHA512

    e117cdcd42e7f7192fda9a36826f61b75ccb44d464fe8bb2c283692d63310074927fee320cedcfcd746c078d28714074a923b030deb414d68d824e0735c06e43

  • SSDEEP

    49152:b/m+QJEBLOHAkThmIqD2xx/qldoJ6fhtJk5IDm2V4QNhAejRmf4ljRmz4gl4EyKj:VO3r9M4QE4w4gYoAUo46Tb7sSl

Score
7/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\real.exe
    "C:\Users\Admin\AppData\Local\Temp\real.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:848
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 848 -s 316
      2⤵
      • Program crash
      PID:268

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/848-68-0x0000000000400000-0x0000000000E39000-memory.dmp

    Filesize

    10.2MB