6e1ecfbeb5f7b87342b86bc7f2ca02e556e7aca8041afc1092988ece59fca901 | Triage

Analysis

max time kernel
155s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 13:42

Sharing

Report Analysis Logs

General

Target

Keymaker/Keymaker.exe
Size

180KB
MD5

a9e9c847d66b20649ac1ba65039cf2d0
SHA1

e35a58bda4ac4cd41ad440847f00bcc05a52408e
SHA256

d9320d340f0b76f5084209262655772ee319f4fb223d9f86616c3e429b916102
SHA512

597462877bba60209989bbf3409fe598de9fe04a2f2228db58857f93750aa7fa2dfd59ed71657787c456ced4a844fac7d45246c5144eb39d332b2bc741130351
SSDEEP

3072:Fu6/0X/uiVTNoz4+VgKENlMuzIcEg8Vj/GnraOtkogosV9oJ:s6JiVTCqtTIN7VjsraOtkox

Score

3^/10

Malware Config

Signatures

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1364	4884	WerFault.exe	23
3284	4884	WerFault.exe	23

C:\Users\Admin\AppData\Local\Temp\Keymaker\Keymaker.exe
"C:\Users\Admin\AppData\Local\Temp\Keymaker\Keymaker.exe"
1⤵
PID:4884
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 448
  2⤵
  - Program crash
  PID:1364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 488
  2⤵
  - Program crash
  PID:3284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4884 -ip 4884
1⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4884 -ip 4884
1⤵
PID:3316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4884-0-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/4884-1-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download