Overview

overview

10

Static

static

1

ea21f591a3...2f.exe

windows7-x64

3

ea21f591a3...2f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    13-02-2024 00:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ea21f591a31754a8d327f905bccfca2f.exe

  • Size

    364KB

  • MD5

    ea21f591a31754a8d327f905bccfca2f

  • SHA1

    576b00213e4c05a4a4fdad1b54d9e6ce725b4f5f

  • SHA256

    4768efd3769c4525cb2230482561c0fb0df37802d247f0bfea1f713a8561ad61

  • SHA512

    d9ba855b9c9a4344e6c4d584de2962f2e1175a2c98095dde389ce41e8a8b9211b16cc3a0862c86e2f35e7923cf3699d2ca5e1558aa40fb9d65e70a8b731c3670

  • SSDEEP

    6144:RDKW1Fgbdl0TBBvjc/9gcrPhMINuFdGohgvwhGRz4JDw+mbIpKXJsg+TW:hh1Fk70TnvjcFPOINuXGjiGl4JcPbIYT

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ea21f591a31754a8d327f905bccfca2f.exe
    "C:\Users\Admin\AppData\Local\Temp\ea21f591a31754a8d327f905bccfca2f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1172
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 600
      2⤵
      • Program crash
      PID:2716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1172-0-0x0000000000560000-0x00000000005A0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1172-1-0x0000000074130000-0x000000007481E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1172-2-0x00000000049F0000-0x0000000004A30000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1172-3-0x0000000002020000-0x000000000205E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1172-6-0x0000000002530000-0x0000000004530000-memory.dmp

    Filesize

    32.0MB

    Download

  • memory/1172-7-0x0000000074130000-0x000000007481E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1172-8-0x00000000049F0000-0x0000000004A30000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1172-9-0x0000000002530000-0x0000000004530000-memory.dmp

    Filesize

    32.0MB

    Download