Overview

overview

10

Static

static

1

file.exe

windows7-x64

7

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    02-02-2024 00:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    595KB

  • MD5

    63d9528b6667199d22c482f15643ab31

  • SHA1

    6b6ee0d6d1d661dc3806b653757c5fa8fbc7fd36

  • SHA256

    7c94846904eeffd843980d64ba0eee3b8a81a52aeb60b5a5195bf7b426e4a443

  • SHA512

    1bcf34c21d452db4212358d5ba10339b1d8c42ceda80741affdd54f2bc6dac876e10d72b583e7e7df65d47d9d4f95184b38f7b51963e82afba34d8540dc44e58

  • SSDEEP

    12288:gh1Fk70TnvjcU72Em20lUIIgp05m/x979RE/UzIB8Irh:mk70TrcUSEHIIghREMyld

Score
7/10

Malware Config

Signatures

  • .NET Reactor proctector 3 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1996
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 600
      2⤵
      • Program crash
      PID:1848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1996-0-0x00000000022F0000-0x000000000236E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/1996-2-0x0000000004AE0000-0x0000000004B20000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1996-1-0x0000000074C10000-0x00000000752FE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1996-4-0x0000000004AE0000-0x0000000004B20000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1996-3-0x0000000004AE0000-0x0000000004B20000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1996-5-0x00000000049F0000-0x0000000004A6E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/1996-8-0x0000000002520000-0x0000000004520000-memory.dmp

    Filesize

    32.0MB

    Download

  • memory/1996-9-0x0000000074C10000-0x00000000752FE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1996-10-0x0000000004AE0000-0x0000000004B20000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1996-11-0x0000000002520000-0x0000000004520000-memory.dmp

    Filesize

    32.0MB

    Download