Analysis
-
max time kernel
117s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25-12-2023 08:05
General
-
Target
10dd9d8df04d097d5700133143188d48.exe
-
Size
75KB
-
MD5
10dd9d8df04d097d5700133143188d48
-
SHA1
7138b909af43556aa633cb3525eead2cc4e504f6
-
SHA256
28a671a1fb0a9208aee1a3ed45579d468c6c56b39e24988b2a621ef15f105305
-
SHA512
f55fcd1538220da17ff74ebb2b7ee2fc4599110b8f54a62b9b4db781895bb1770123c89da775e413ae6d182a402c9095ac6cd52c30d1fae068b1c05817251f0f
-
SSDEEP
768:jZKM11gG4ChfiPO0rfz0shcUypMC5/VKhZyg3iw7hw:gMDgG4ChfiPOefgsOUqQwgA
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Drops file in Windows directory 14 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 3 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 921⤵
- Program crash
-
C:\Users\Admin\AppData\Local\Temp\10dd9d8df04d097d5700133143188d48.exe"C:\Users\Admin\AppData\Local\Temp\10dd9d8df04d097d5700133143188d48.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
87KB
MD55b3c5f69687bb3d9fbea06abe4c329bd
SHA137b892485b0f8d504ad7471438ef60021e288d62
SHA25688a00bd92ff83e044623bdde909d2d7c74625667d26a917bd477184e5039f21f
SHA5123efe6a96c1638a217ac679ab41798240a33c0f21877cd3e66c78570697e9c9d26f5d7c4a4d13d85b84ce2c9eafa944e63eaa698496be4c5c6d3140768f0955ff