Overview

overview

3

Static

static

3

6ea9819f3a...25.exe

windows7-x64

3

6ea9819f3a...25.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    133s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 12:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6ea9819f3a438a240d889694481b3425.exe

  • Size

    996KB

  • MD5

    6ea9819f3a438a240d889694481b3425

  • SHA1

    2790b249018e6766cdae15589a2e6ac7e3db5c15

  • SHA256

    aae96ebba1b998f3a24f35f728e964a028fe94d017dea40b0aa496b37f86aa03

  • SHA512

    e94e09692727b0b998da5785cc02547bd413d00148f36367e7b9bfb5e5f714491bae6cc342e09d0dbe35b6e640943c8f91076f79a2e24c05d45ce48cd4105ab4

  • SSDEEP

    12288:ETTDFMZezpSmg8qSxaIWaqzOqHnnC44quAn+pAq9+vZvMw7+oAKADr4DVleTYmKa:ETTDFn3qFIWzzpC4h+pAqkRvvvAUpmdt

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6ea9819f3a438a240d889694481b3425.exe
    "C:\Users\Admin\AppData\Local\Temp\6ea9819f3a438a240d889694481b3425.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 252
      2⤵
      • Program crash
      PID:1676

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2188-0-0x0000000000220000-0x0000000000230000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2188-1-0x0000000000270000-0x0000000000280000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2188-2-0x0000000000280000-0x0000000000290000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2188-3-0x00000000002A0000-0x00000000002B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2188-4-0x00000000002B0000-0x00000000002C0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2188-5-0x00000000002C0000-0x00000000002D0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2188-7-0x00000000002E0000-0x00000000002F0000-memory.dmp

          Filesize

          64KB

          Download