Overview

overview

3

Static

static

3

4016fcf9f9...34.exe

windows7-x64

3

4016fcf9f9...34.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    153s
  • max time network
    175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-01-2024 06:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4016fcf9f98efd02f7dcca8d70855b34.exe

  • Size

    13KB

  • MD5

    4016fcf9f98efd02f7dcca8d70855b34

  • SHA1

    a22ab1f34ab2c1a8f4fb8ad5ec36825974ce5594

  • SHA256

    1e89ca200beb9cec2cd0faa2d2a90046146fe560c21fb40a1bf267187037f0ea

  • SHA512

    ee87bb2ffccfddd2d533d6a00b42cdb59c67467d39107617f2850b63a09bf4b9d1134044f55099e00db82c67c3dad88d4931455be44917e4321892f43345490b

  • SSDEEP

    384:aTnqcIEAKn7CwVCOEHs3Rh+UBsDu1uYAHY:aTjp97C1Wh+UBsDu1uxH

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4016fcf9f98efd02f7dcca8d70855b34.exe
    "C:\Users\Admin\AppData\Local\Temp\4016fcf9f98efd02f7dcca8d70855b34.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1032
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 780
      2⤵
      • Program crash
      PID:1148
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 780
      2⤵
      • Program crash
      PID:452
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1032 -ip 1032
    1⤵
      PID:2148

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1032-0-0x0000000000400000-0x000000000040C000-memory.dmp
      Filesize

      48KB

      Download
    • memory/1032-1-0x0000000000400000-0x000000000040C000-memory.dmp
      Filesize

      48KB

      Download