84aa81d5ffe2f816c1b24ebb264af1657ba67c6b524589e6f25a7850aeb9e4fc

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
15/10/2023, 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe6a7d3df9487a5b4de3f343365a4d40_exe32.exe
Size

250KB
MD5

fe6a7d3df9487a5b4de3f343365a4d40
SHA1

e7e29c4c00cb8d4888260978c8ed97c10dd5eb2a
SHA256

84aa81d5ffe2f816c1b24ebb264af1657ba67c6b524589e6f25a7850aeb9e4fc
SHA512

f17e52d129906d52aabad8d7471bdbb1ec3857235a36501ce2a62939299ea28afce2f9c63480ea8a0decac5c81b53554f8592a00e20da88feb229eff6c4aa5f9
SSDEEP

3072:AX1/MVID9mJCu4njCnaRdsSqX656NzLPT2U/z59Q7:AuCVucCnud5I/2Uw7

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1688	2188	WerFault.exe	27

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 1688	2188	fe6a7d3df9487a5b4de3f343365a4d40_exe32.exe	28
PID 2188 wrote to memory of 1688	2188	fe6a7d3df9487a5b4de3f343365a4d40_exe32.exe	28
PID 2188 wrote to memory of 1688	2188	fe6a7d3df9487a5b4de3f343365a4d40_exe32.exe	28
PID 2188 wrote to memory of 1688	2188	fe6a7d3df9487a5b4de3f343365a4d40_exe32.exe	28
PID 2188 wrote to memory of 1688	2188	fe6a7d3df9487a5b4de3f343365a4d40_exe32.exe	28
PID 2188 wrote to memory of 1688	2188	fe6a7d3df9487a5b4de3f343365a4d40_exe32.exe	28
PID 2188 wrote to memory of 1688	2188	fe6a7d3df9487a5b4de3f343365a4d40_exe32.exe	28

C:\Users\Admin\AppData\Local\Temp\fe6a7d3df9487a5b4de3f343365a4d40_exe32.exe
"C:\Users\Admin\AppData\Local\Temp\fe6a7d3df9487a5b4de3f343365a4d40_exe32.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 476
  2⤵
  - Program crash
  PID:1688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...