Analysis

  • max time kernel
    33s
  • max time network
    96s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
  • submitted
    09/06/2023, 19:53

General

  • Target

    644d7b2a5b77af5c208cd25183d1fd2ef5166839c2527feed817a9edf8428af1.exe

  • Size

    1.8MB

  • MD5

    ee9aae527b76d820d8073cfc8aadd2a6

  • SHA1

    4173a59c04c8caae5d6dedef6a44eed3563fd07d

  • SHA256

    644d7b2a5b77af5c208cd25183d1fd2ef5166839c2527feed817a9edf8428af1

  • SHA512

    83abce43e3dc9392f80325d14aa4f8d57a6e90f6539292d28aa1c743b250df37a7a12202d3d9a5af2053141d0aadca455c4bf2249eabf1155f081ccbac8c5093

  • SSDEEP

    49152:br7lvXVA25XQvTL+khaqsw7Srlvg+VenyDw5:xvXVACXQ7qkhaq97KAnyk

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\644d7b2a5b77af5c208cd25183d1fd2ef5166839c2527feed817a9edf8428af1.exe
    "C:\Users\Admin\AppData\Local\Temp\644d7b2a5b77af5c208cd25183d1fd2ef5166839c2527feed817a9edf8428af1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1352
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1352 -s 580
      2⤵
      • Program crash
      PID:1900

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Public\zd.jpg

    Filesize

    2KB

    MD5

    e65a03587ea6b52977c0a4c1759b8b75

    SHA1

    9b04a5ec73802f7b341a770d3d5c3154b3f27067

    SHA256

    a224a491569937752415b96382e1fe12d5c645234d058bc08255227983993d76

    SHA512

    8a2066fc9b53d39430712dedb24701327ea82faf38857ace4fc220eafc6dbd90761b8fa0b2e70e6ca8cdcdbf3f2fc4576be824fdd915e39bc36b089510fa6f1c

  • memory/1352-54-0x000000013F9C0000-0x000000013FE84000-memory.dmp

    Filesize

    4.8MB