Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-02-2024 04:55

General

  • Target

    479342d62078aaf31881972c7574f6f2.exe

  • Size

    5.6MB

  • MD5

    479342d62078aaf31881972c7574f6f2

  • SHA1

    382fa9a95746ca6199e7dfb9ae2bd035f4000fb4

  • SHA256

    a6b59e0a275b5314935a3f812a5ba7dd5d5cc9524d3a6efdeb3a103eea386f6d

  • SHA512

    0e74e3e0b993968220e712ffd94a76c00d35f0452494d62b3f6780c80cc0cae2e9982978830c54bed3a57d17a5a84abbdc4c0cbb5961afcae785048ac4ac47da

  • SSDEEP

    98304:VtiVJmQPallXIjrii0nu3m2RwJhsyJExbHMLex0ATwhdgY4m9g7iVyfiC1ql0u7C:+nmEalSMnuJwJhsyCxbtOATwXvwFiCau

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\479342d62078aaf31881972c7574f6f2.exe
    "C:\Users\Admin\AppData\Local\Temp\479342d62078aaf31881972c7574f6f2.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Windows\SysWOW64\WerFault.exe (child of PID 1688)
      C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 128
      • Program crash
      PID:1880

Network

MITRE ATT&CK Matrix

Downloads
