4fbb6ec5e9363573255d50d23f4401e5ed69383e045fd8ad64bc91ce7c8eef0b

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 03:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4fbb6ec5e9363573255d50d23f4401e5ed69383e045fd8ad64bc91ce7c8eef0b.exe
Size

342KB
MD5

8e7e636e71488229e703ebe80617895d
SHA1

3db3f794a33717f5625c343f97fde1c9ea7a6d0f
SHA256

4fbb6ec5e9363573255d50d23f4401e5ed69383e045fd8ad64bc91ce7c8eef0b
SHA512

a0435b03aec8d946d138256eb7baf3813d6fd34874fa9e31a9e9a190a23e63a279bbf52c99d5f38ce4587657967a5405463f046bf4be0ee601e7ba1c1e97b870
SSDEEP

6144:bYatxSIvF68OZGbpYByPT7lyvIcoBh0SIvF68OZGbpYByPT7lyvIcgx:bYhIvk8OvByPHly58FIvk8OvByPHly5E

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1992	1888	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 1992	1888	4fbb6ec5e9363573255d50d23f4401e5ed69383e045fd8ad64bc91ce7c8eef0b.exe	28
PID 1888 wrote to memory of 1992	1888	4fbb6ec5e9363573255d50d23f4401e5ed69383e045fd8ad64bc91ce7c8eef0b.exe	28
PID 1888 wrote to memory of 1992	1888	4fbb6ec5e9363573255d50d23f4401e5ed69383e045fd8ad64bc91ce7c8eef0b.exe	28
PID 1888 wrote to memory of 1992	1888	4fbb6ec5e9363573255d50d23f4401e5ed69383e045fd8ad64bc91ce7c8eef0b.exe	28

C:\Users\Admin\AppData\Local\Temp\4fbb6ec5e9363573255d50d23f4401e5ed69383e045fd8ad64bc91ce7c8eef0b.exe
"C:\Users\Admin\AppData\Local\Temp\4fbb6ec5e9363573255d50d23f4401e5ed69383e045fd8ad64bc91ce7c8eef0b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 300
  2⤵
  - Program crash
  PID:1992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1888-0-0x0000000000400000-0x0000000000494174-memory.dmp

Filesize
592KB

Download