0582c913cf93a18f412f6fab2b3261f110b5a338abe712fa9d519650e313ca4f | Triage

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
19/07/2023, 12:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

X3XFY.NET.exe
Size

3.5MB
MD5

5faa486c702c0adadb710435fc9755cb
SHA1

6443f093ebabbe976c6d6d7a13f8e0f55b2fcff8
SHA256

0582c913cf93a18f412f6fab2b3261f110b5a338abe712fa9d519650e313ca4f
SHA512

2dd860b386ab347c2ab8fb2b3aad889a471dd04af4dac35e1f482768a960b3bba5dc6b64cc09fcaae62a901c0476ef69f23dd729791c221dad805a5c55b8b37c
SSDEEP

49152:4teqbYQWYD6zm8QWY6zma0Y6qvkp9KLQEzjcaSXRDPzcsoAczm:/Lzm8Xzmap6qM8PjBSXRDPYsoTzm

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1588	2572	WerFault.exe	16

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 1588	2572	X3XFY.NET.exe	28
PID 2572 wrote to memory of 1588	2572	X3XFY.NET.exe	28
PID 2572 wrote to memory of 1588	2572	X3XFY.NET.exe	28

C:\Users\Admin\AppData\Local\Temp\X3XFY.NET.exe
"C:\Users\Admin\AppData\Local\Temp\X3XFY.NET.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2572 -s 532
  2⤵
  - Program crash
  PID:1588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2572-54-0x0000000001230000-0x00000000015C0000-memory.dmp

Filesize
3.6MB

Download
memory/2572-55-0x000007FEF60A0000-0x000007FEF6A8C000-memory.dmp

Filesize
9.9MB

Download
memory/2572-56-0x000007FEF60A0000-0x000007FEF6A8C000-memory.dmp

Filesize
9.9MB

Download