Overview

overview

3

Static

static

3

337251ce84...JC.exe

windows7-x64

3

337251ce84...JC.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2023, 22:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    337251ce84a6f3d04c0bea98cd2366536bb52222f6eda3e44c529946428bfb7b_JC.exe

  • Size

    5.3MB

  • MD5

    df924dbe8227c36ef43c847f14e6c8c2

  • SHA1

    a4cac87cdde14db060f133221fbc3cccc4ca49dd

  • SHA256

    337251ce84a6f3d04c0bea98cd2366536bb52222f6eda3e44c529946428bfb7b

  • SHA512

    fe2bcd6f04298bb3437a5290d333dcd5c89a0616c46e801f566b9a96ed113c03314c0f06277a9311d0e7fd20fa47c816b47ebbb68b472b85e8e8102fe55bd401

  • SSDEEP

    98304:yyFRhG4DkIVJiiNvwp0NCbidT1qX29ovjyRze3heteZvXRZhJjvrF:yyX0ml+0QbMT122iyRKxeQFBZTzrF

Score
3/10

Malware Config

Signatures

  • Program crash 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\337251ce84a6f3d04c0bea98cd2366536bb52222f6eda3e44c529946428bfb7b_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\337251ce84a6f3d04c0bea98cd2366536bb52222f6eda3e44c529946428bfb7b_JC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1324
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 576
      2⤵
      • Program crash
      PID:216
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 576
      2⤵
      • Program crash
      PID:4680
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 576
      2⤵
      • Program crash
      PID:4884
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1324 -ip 1324
    1⤵
      PID:3872
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 1324 -ip 1324
      1⤵
        PID:1624

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1324-0-0x0000000000400000-0x00000000014D1000-memory.dmp

        Filesize

        16.8MB

        Download

      • memory/1324-1-0x0000000003840000-0x00000000043AF000-memory.dmp

        Filesize

        11.4MB

        Download

      • memory/1324-2-0x0000000000400000-0x00000000014D1000-memory.dmp

        Filesize

        16.8MB

        Download

      • memory/1324-3-0x0000000000400000-0x00000000014D1000-memory.dmp

        Filesize

        16.8MB

        Download