6cd17ccdcd564fc0b7f5bb9e4e53a0ffe86411fc4e3d8b75854ecea52286a99f

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
06-12-2023 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6cd17ccdcd564fc0b7f5bb9e4e53a0ffe86411fc4e3d8b75854ecea52286a99f.exe
Size

159.7MB
MD5

75087ced1f163d2c7770004ba117f1cf
SHA1

320e5d9c04f6c0ad9861262a81019efb0631feff
SHA256

6cd17ccdcd564fc0b7f5bb9e4e53a0ffe86411fc4e3d8b75854ecea52286a99f
SHA512

30eaa4955850c50156fb5f83d57867bda51bdf0b25343c7489156cb90c60a04927bd0f4910e092199a9f68e66dedf6cdf0ec087263bb047bf0573a7de11543a6
SSDEEP

786432:hhpmi4LpgapMr7WN3KPqiVtAnnFWZEjdmXNDGY6zZyBdTtLwSTRpf4P1wT1M9t0Y:hhn4LpgF3TVGnBJm9pkcEtmMD

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

6cd17ccdcd564fc0b7f5bb9e4e53a0ffe86411fc4e3d8b75854ecea52286a99f.exe

description	pid	process	target process
PID 2232 wrote to memory of 1948	2232	6cd17ccdcd564fc0b7f5bb9e4e53a0ffe86411fc4e3d8b75854ecea52286a99f.exe	WerFault.exe
PID 2232 wrote to memory of 1948	2232	6cd17ccdcd564fc0b7f5bb9e4e53a0ffe86411fc4e3d8b75854ecea52286a99f.exe	WerFault.exe
PID 2232 wrote to memory of 1948	2232	6cd17ccdcd564fc0b7f5bb9e4e53a0ffe86411fc4e3d8b75854ecea52286a99f.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\6cd17ccdcd564fc0b7f5bb9e4e53a0ffe86411fc4e3d8b75854ecea52286a99f.exe
"C:\Users\Admin\AppData\Local\Temp\6cd17ccdcd564fc0b7f5bb9e4e53a0ffe86411fc4e3d8b75854ecea52286a99f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2232

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2232 -s 1320
2⤵
PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2232-0-0x0000000180000000-0x0000000180A25000-memory.dmp

Filesize
10.1MB

Download
memory/2232-3-0x0000000003100000-0x00000000031FE000-memory.dmp

Filesize
1016KB

Download
memory/2232-4-0x000000013F960000-0x0000000140294000-memory.dmp

Filesize
9.2MB

Download
memory/2232-7-0x0000000001F00000-0x0000000001F20000-memory.dmp

Filesize
128KB

Download
memory/2232-10-0x0000000003EC0000-0x0000000004B71000-memory.dmp

Filesize
12.7MB

Download
memory/2232-19-0x0000000001C00000-0x0000000001C0D000-memory.dmp

Filesize
52KB

Download
memory/2232-16-0x0000000002E70000-0x0000000002F31000-memory.dmp

Filesize
772KB

Download
memory/2232-13-0x0000000001F20000-0x0000000001F32000-memory.dmp

Filesize
72KB

Download
memory/2232-22-0x0000000001BE0000-0x0000000001BF8000-memory.dmp

Filesize
96KB

Download
memory/2232-25-0x00000000026A0000-0x00000000026B3000-memory.dmp

Filesize
76KB

Download
memory/2232-31-0x00000000026F0000-0x0000000002711000-memory.dmp

Filesize
132KB

Download
memory/2232-40-0x00000000026C0000-0x00000000026EA000-memory.dmp

Filesize
168KB

Download
memory/2232-37-0x0000000002720000-0x000000000273D000-memory.dmp

Filesize
116KB

Download
memory/2232-34-0x00000000027F0000-0x0000000002830000-memory.dmp

Filesize
256KB

Download
memory/2232-43-0x0000000003890000-0x0000000003945000-memory.dmp

Filesize
724KB

Download
memory/2232-46-0x0000000002FD0000-0x0000000003053000-memory.dmp

Filesize
524KB

Download
memory/2232-49-0x0000000001F50000-0x0000000001F57000-memory.dmp

Filesize
28KB

Download
memory/2232-52-0x0000000001D10000-0x0000000001D1A000-memory.dmp

Filesize
40KB

Download
memory/2232-55-0x0000000002F70000-0x0000000002F86000-memory.dmp

Filesize
88KB

Download
memory/2232-58-0x0000000003080000-0x0000000003096000-memory.dmp

Filesize
88KB

Download
memory/2232-61-0x00000000030D0000-0x00000000030F9000-memory.dmp

Filesize
164KB

Download
memory/2232-64-0x0000000003300000-0x0000000003347000-memory.dmp

Filesize
284KB

Download
memory/2232-67-0x0000000003680000-0x00000000036BE000-memory.dmp

Filesize
248KB

Download
memory/2232-118-0x000000013F960000-0x0000000140294000-memory.dmp

Filesize
9.2MB

Download