Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    07-08-2023 02:24

General

  • Target

    915aee146b74ebdcb6977376ea8c7718a53b73e1771261035790e8d3e33668c3.exe

  • Size

    288KB

  • MD5

    b4cb2af3d9ca46dc2f3444cb1e568c44

  • SHA1

    566d9c5c4035292a3f4fea2e9ebd109e96830fac

  • SHA256

    915aee146b74ebdcb6977376ea8c7718a53b73e1771261035790e8d3e33668c3

  • SHA512

    40894820348890d26ede3a3ccec65e3e12c977e16b693ec2132b71e403f4e2774c4b76c82d6a4e1acb6054c40afa57d5501f3de2010d1294e7da1d97bec6c251

  • SSDEEP

    3072:kumypIWRhGM2TKmrWR51RaRiOyG5phEP0oY856:xb/hG9TKEWX1qdyG5phEPH

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\915aee146b74ebdcb6977376ea8c7718a53b73e1771261035790e8d3e33668c3.exe
    "C:\Users\Admin\AppData\Local\Temp\915aee146b74ebdcb6977376ea8c7718a53b73e1771261035790e8d3e33668c3.exe"
    1⤵
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2176
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 256
      2⤵
      • Program crash
      PID:1284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2176-54-0x0000000000450000-0x0000000000452000-memory.dmp
    Filesize

    8KB

  • memory/2176-55-0x0000000000400000-0x000000000041D000-memory.dmp
    Filesize

    116KB

  • memory/2176-59-0x0000000000420000-0x0000000000447000-memory.dmp
    Filesize

    156KB