6ff53b8187d0d3e287ad9ce3da20eca4f9dd105a2e3421ca1ad73b533ec4b91a

Analysis

max time kernel
28s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
18-04-2023 14:52

Target

Ambrosial (1).exe
Size

15.9MB
MD5

596b0f4684d45de83c204967c06e48a3
SHA1

933dc2dc29a17a9447c944289fed4f98e0eb5e5f
SHA256

6ff53b8187d0d3e287ad9ce3da20eca4f9dd105a2e3421ca1ad73b533ec4b91a
SHA512

8f50098d120d32a84347a8337dee27061a6914d66b951f930d491a81a9804317318f25f80467684fd4fecea6bccc6de38b2df3ee2742a54805f2cdb4413d3830
SSDEEP

196608:64WxsIO2gfRMhSE8/Erd8QP+ih91qBpodTAIRq+2vBt:64WuIO2gfRMYbcr6QP391qBafC

Score

4^/10

Drops file in Windows directory 2 IoCs

Processes:

Ambrosial (1).exe

description	ioc	process
File created	C:\Windows\Fonts\Azonix.otf	Ambrosial (1).exe
File opened for modification	C:\Windows\Fonts\Azonix.otf	Ambrosial (1).exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

944 1408 WerFault.exe Ambrosial (1).exe

pid	pid_target	process	target process
944	1408	WerFault.exe	Ambrosial (1).exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Ambrosial (1).exe

description	pid	process	target process
PID 1408 wrote to memory of 944	1408	Ambrosial (1).exe	WerFault.exe
PID 1408 wrote to memory of 944	1408	Ambrosial (1).exe	WerFault.exe
PID 1408 wrote to memory of 944	1408	Ambrosial (1).exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Ambrosial (1).exe
"C:\Users\Admin\AppData\Local\Temp\Ambrosial (1).exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1408 -s 592
  2⤵
  - Program crash
  PID:944

C:\Windows\Fonts\Azonix.otf

Filesize
11KB

MD5
cdfe47b31e9184a55cf02eef1baf7240

SHA1
b8825c605434d572f5277be0283d5a9b2cde59e4

SHA256
51a65e5c09bf27980adf640cb54cb2a5bbb217fdaab79b377e158f92533362a9

SHA512
a2e5141c0f7ca72bcf5b1a303fce1734953d83ad363d4c3c7d8786e1bfd872a6b96eeabce3740b547a5447e255415cdf688a0d2074cecfaa0c54c49d0f2882c5

Download Submit
memory/1408-54-0x0000000000C90000-0x0000000001C7A000-memory.dmp

Filesize
15.9MB

Download
memory/1408-55-0x0000000000750000-0x000000000076C000-memory.dmp

Filesize
112KB

Download
memory/1408-56-0x0000000003210000-0x000000000322A000-memory.dmp

Filesize
104KB

Download
memory/1408-63-0x0000000000780000-0x0000000000800000-memory.dmp

Filesize
512KB

Download
memory/1408-64-0x0000000000780000-0x0000000000800000-memory.dmp

Filesize
512KB

Download