9a418f80ec2064f9954160a90644f1f6b107711ad152113a2ef72554ae0aa2b9

Analysis

max time kernel
119s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 07:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d12a9d3406bd1e9ea8a4cc01c3215c8.exe
Size

642KB
MD5

2d12a9d3406bd1e9ea8a4cc01c3215c8
SHA1

98269228313a0d389fcfa59d4b025380be332d73
SHA256

9a418f80ec2064f9954160a90644f1f6b107711ad152113a2ef72554ae0aa2b9
SHA512

d933371436ba6c373180c9040dd48e5eb64e447126344b3c227458cba84d9b89de4a3c837fc8355ee4d098fbce349b37bcdcc87c2c37dfd6d9fda9052a18e826
SSDEEP

12288:PEiOcPfZHHo39217zBO6KoBF3Z4mxx1DqVTVOCAq6S:PEiOcPfxoNWYluQmXEVTzAA

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\paramstr.txt	2d12a9d3406bd1e9ea8a4cc01c3215c8.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2592	632	WerFault.exe	14

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 632 wrote to memory of 2716	632	2d12a9d3406bd1e9ea8a4cc01c3215c8.exe	22
PID 632 wrote to memory of 2716	632	2d12a9d3406bd1e9ea8a4cc01c3215c8.exe	22
PID 632 wrote to memory of 2716	632	2d12a9d3406bd1e9ea8a4cc01c3215c8.exe	22
PID 632 wrote to memory of 2716	632	2d12a9d3406bd1e9ea8a4cc01c3215c8.exe	22
PID 632 wrote to memory of 2592	632	2d12a9d3406bd1e9ea8a4cc01c3215c8.exe	21
PID 632 wrote to memory of 2592	632	2d12a9d3406bd1e9ea8a4cc01c3215c8.exe	21
PID 632 wrote to memory of 2592	632	2d12a9d3406bd1e9ea8a4cc01c3215c8.exe	21
PID 632 wrote to memory of 2592	632	2d12a9d3406bd1e9ea8a4cc01c3215c8.exe	21

C:\Users\Admin\AppData\Local\Temp\2d12a9d3406bd1e9ea8a4cc01c3215c8.exe
"C:\Users\Admin\AppData\Local\Temp\2d12a9d3406bd1e9ea8a4cc01c3215c8.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:632
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 316
  2⤵
  - Program crash
  PID:2592
- C:\program files\internet explorer\IEXPLORE.EXE
  "C:\program files\internet explorer\IEXPLORE.EXE"
  2⤵
  PID:2716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/632-0-0x0000000000400000-0x0000000000511000-memory.dmp

Filesize
1.1MB

Download
memory/632-26-0x0000000003410000-0x0000000003411000-memory.dmp

Filesize
4KB

Download
memory/632-51-0x0000000003670000-0x0000000003671000-memory.dmp

Filesize
4KB

Download
memory/632-50-0x0000000003680000-0x0000000003681000-memory.dmp

Filesize
4KB

Download
memory/632-49-0x0000000003690000-0x0000000003691000-memory.dmp

Filesize
4KB

Download
memory/632-64-0x0000000004220000-0x0000000004221000-memory.dmp

Filesize
4KB

Download
memory/632-63-0x0000000003760000-0x0000000003761000-memory.dmp

Filesize
4KB

Download
memory/632-62-0x0000000004200000-0x0000000004201000-memory.dmp

Filesize
4KB

Download
memory/632-61-0x0000000003740000-0x0000000003741000-memory.dmp

Filesize
4KB

Download
memory/632-60-0x0000000003720000-0x0000000003721000-memory.dmp

Filesize
4KB

Download
memory/632-59-0x0000000003730000-0x0000000003731000-memory.dmp

Filesize
4KB

Download
memory/632-58-0x0000000003700000-0x0000000003701000-memory.dmp

Filesize
4KB

Download
memory/632-57-0x0000000003710000-0x0000000003711000-memory.dmp

Filesize
4KB

Download
memory/632-56-0x00000000036E0000-0x00000000036E1000-memory.dmp

Filesize
4KB

Download
memory/632-55-0x00000000036F0000-0x00000000036F1000-memory.dmp

Filesize
4KB

Download
memory/632-54-0x00000000036C0000-0x00000000036C1000-memory.dmp

Filesize
4KB

Download
memory/632-53-0x00000000036D0000-0x00000000036D1000-memory.dmp

Filesize
4KB

Download
memory/632-48-0x00000000036A0000-0x00000000036A1000-memory.dmp

Filesize
4KB

Download
memory/632-47-0x0000000003660000-0x0000000003661000-memory.dmp

Filesize
4KB

Download
memory/632-46-0x0000000003640000-0x0000000003641000-memory.dmp

Filesize
4KB

Download
memory/632-45-0x0000000003650000-0x0000000003651000-memory.dmp

Filesize
4KB

Download
memory/632-44-0x0000000003620000-0x0000000003621000-memory.dmp

Filesize
4KB

Download
memory/632-43-0x0000000003630000-0x0000000003631000-memory.dmp

Filesize
4KB

Download
memory/632-42-0x0000000003600000-0x0000000003601000-memory.dmp

Filesize
4KB

Download
memory/632-41-0x0000000003610000-0x0000000003611000-memory.dmp

Filesize
4KB

Download
memory/632-40-0x00000000035E0000-0x00000000035E1000-memory.dmp

Filesize
4KB

Download
memory/632-39-0x00000000035F0000-0x00000000035F1000-memory.dmp

Filesize
4KB

Download
memory/632-38-0x00000000035C0000-0x00000000035C1000-memory.dmp

Filesize
4KB

Download
memory/632-37-0x00000000035D0000-0x00000000035D1000-memory.dmp

Filesize
4KB

Download
memory/632-36-0x00000000035A0000-0x00000000035A1000-memory.dmp

Filesize
4KB

Download
memory/632-35-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download
memory/632-34-0x0000000003480000-0x0000000003481000-memory.dmp

Filesize
4KB

Download
memory/632-33-0x0000000003490000-0x0000000003491000-memory.dmp

Filesize
4KB

Download
memory/632-32-0x0000000003470000-0x0000000003471000-memory.dmp

Filesize
4KB

Download
memory/632-31-0x0000000003440000-0x0000000003441000-memory.dmp

Filesize
4KB

Download
memory/632-30-0x0000000003450000-0x0000000003451000-memory.dmp

Filesize
4KB

Download
memory/632-29-0x0000000003420000-0x0000000003421000-memory.dmp

Filesize
4KB

Download
memory/632-28-0x0000000003430000-0x0000000003431000-memory.dmp

Filesize
4KB

Download
memory/632-27-0x0000000003400000-0x0000000003401000-memory.dmp

Filesize
4KB

Download
memory/632-25-0x00000000033E0000-0x00000000033E1000-memory.dmp

Filesize
4KB

Download
memory/632-24-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/632-23-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/632-22-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/632-21-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/632-20-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/632-19-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/632-18-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/632-17-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/632-16-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/632-15-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/632-14-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/632-13-0x0000000003460000-0x0000000003461000-memory.dmp

Filesize
4KB

Download
memory/632-12-0x0000000003360000-0x0000000003363000-memory.dmp

Filesize
12KB

Download
memory/632-11-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/632-10-0x0000000001FB0000-0x0000000001FB1000-memory.dmp

Filesize
4KB

Download
memory/632-9-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/632-8-0x0000000001FF0000-0x0000000001FF1000-memory.dmp

Filesize
4KB

Download
memory/632-7-0x0000000002000000-0x0000000002001000-memory.dmp

Filesize
4KB

Download
memory/632-6-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/632-5-0x0000000001FA0000-0x0000000001FA1000-memory.dmp

Filesize
4KB

Download
memory/632-4-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/632-3-0x0000000001FC0000-0x0000000001FC1000-memory.dmp

Filesize
4KB

Download
memory/632-2-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

Filesize
4KB

Download
memory/632-1-0x0000000001E40000-0x0000000001E94000-memory.dmp

Filesize
336KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads