Overview

overview

3

Static

static

3

1ff7a707ad...62.exe

windows7-x64

3

1ff7a707ad...62.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 23:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1ff7a707adb7987113c5bbad948a3062.exe

  • Size

    228KB

  • MD5

    1ff7a707adb7987113c5bbad948a3062

  • SHA1

    7b4357c1ec2eb9069c81472270dc2eb9ea3f286c

  • SHA256

    20bd8f0efcfcfb353e41a5bc8f15a721fcdcaa6e36fcb9e103892285d2abeae0

  • SHA512

    0ba6644a875ab2582c6fcf89c79b40c0e07af0f3fb4d6d228f0602740daf52eae9bfee82b22c672d117998f133bb70627943f42fa26b5ee94600bb4d5df1c67f

  • SSDEEP

    6144:Jz/iqTctJwc2nbNNkYAjrvCM7bgkWg4qVwNWjcV:J+qTctJ2nbNNk5jrv57bgbWw7

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ff7a707adb7987113c5bbad948a3062.exe
    "C:\Users\Admin\AppData\Local\Temp\1ff7a707adb7987113c5bbad948a3062.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 300
      2⤵
      • Program crash
      PID:2496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3020-3-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3020-2-0x0000000000400000-0x0000000000477000-memory.dmp

    Filesize

    476KB

    Download

  • memory/3020-1-0x00000000002C0000-0x00000000002F8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/3020-0-0x0000000000400000-0x0000000000477000-memory.dmp

    Filesize

    476KB

    Download

  • memory/3020-4-0x0000000000400000-0x0000000000477000-memory.dmp

    Filesize

    476KB

    Download

  • memory/3020-6-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download