Overview

overview

3

Static

static

3

a1d957c8bd...94.exe

windows7-x64

3

a1d957c8bd...94.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    92s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-02-2024 12:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a1d957c8bdaa1f97fd3460c862029694.exe

  • Size

    31KB

  • MD5

    a1d957c8bdaa1f97fd3460c862029694

  • SHA1

    a95b2bef157d9ee1103dd0cd3fa57c3546067411

  • SHA256

    c692c360bbbc7a3b88eebacf9f8124086c702e13bb2d80714b987a9df31f7626

  • SHA512

    3cae7179ac43ee350b75dd9d7af3792ff3e65522f9bed68917839ed977c3ac0327e6eadf3f7bfa491081bcef98947f7481a7d1ced08193d8cfa3b9b5fedde0d7

  • SSDEEP

    768:2tsw+LUPiPH12XDDT2QgGIeAjUFXFdk6VaU7v5:s/+LUqV2XfRIfir7Vamv5

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1d957c8bdaa1f97fd3460c862029694.exe
    "C:\Users\Admin\AppData\Local\Temp\a1d957c8bdaa1f97fd3460c862029694.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4380
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 264
      2⤵
      • Program crash
      PID:1784
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 264
      2⤵
      • Program crash
      PID:2932
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 4380 -ip 4380
    1⤵
      PID:1872

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4380-0-0x0000000000500000-0x000000000050F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/4380-1-0x00000000001C0000-0x00000000001F5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/4380-2-0x0000000000500000-0x000000000050F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/4380-3-0x0000000000500000-0x000000000050F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/4380-4-0x0000000000500000-0x000000000050F000-memory.dmp

      Filesize

      60KB

      Download