1f70fc60687591d5ff2e7fe3dc460e80d8a0478f935885683a4eee1d1e97a0bd

General

Target

1f70fc60687591d5ff2e7fe3dc460e80d8a0478f935885683a4eee1d1e97a0bd.exe
Size

5.8MB
MD5

fa7fa2d7565c8444e201214b4f979d2c
SHA1

411b27b756809992dbdcb29042037b92939ddac7
SHA256

1f70fc60687591d5ff2e7fe3dc460e80d8a0478f935885683a4eee1d1e97a0bd
SHA512

75ad72235d4344b66971e0fcb03d0ac257d146a71eb1841a37aa3c4c26012b3111c7d33050ba773610fa99aa0cb6c3c30d01bafe8ad43b5c0767c0cdc9e0cd88
SSDEEP

98304:ky/lybei/B///uGcKfjmFns+8Y4uZpl6CNXUa7V1/qSAPNodl/U+hiSotgnr:Ty/p/uBFfn6STtZHU+hz

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2036	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2036	2920	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2920	1f70fc60687591d5ff2e7fe3dc460e80d8a0478f935885683a4eee1d1e97a0bd.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2920	1f70fc60687591d5ff2e7fe3dc460e80d8a0478f935885683a4eee1d1e97a0bd.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 2036	2920	1f70fc60687591d5ff2e7fe3dc460e80d8a0478f935885683a4eee1d1e97a0bd.exe	28
PID 2920 wrote to memory of 2036	2920	1f70fc60687591d5ff2e7fe3dc460e80d8a0478f935885683a4eee1d1e97a0bd.exe	28
PID 2920 wrote to memory of 2036	2920	1f70fc60687591d5ff2e7fe3dc460e80d8a0478f935885683a4eee1d1e97a0bd.exe	28
PID 2920 wrote to memory of 2036	2920	1f70fc60687591d5ff2e7fe3dc460e80d8a0478f935885683a4eee1d1e97a0bd.exe	28

C:\Users\Admin\AppData\Local\Temp\1f70fc60687591d5ff2e7fe3dc460e80d8a0478f935885683a4eee1d1e97a0bd.exe
"C:\Users\Admin\AppData\Local\Temp\1f70fc60687591d5ff2e7fe3dc460e80d8a0478f935885683a4eee1d1e97a0bd.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 132
  2⤵
  - Loads dropped DLL
  - Program crash
  PID:2036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\1f70fc60687591d5ff2e7fe3dc460e80d8a0478f935885683a4eee1d1e97a0bd.exe

Filesize
1.5MB

MD5
55fb3de9042be3edb0dda005137e6945

SHA1
d1e6d74cb480e70005f7569ff4fefee439f5d6e8

SHA256
4c182cc15a2050a81f618c602e2292f80db098b645d30e80e4b913be4cfd7059

SHA512
a9a5b0ad154d756ee83aaa716fe8c1d4e3e16d8c2550a774609ef0b4ba9f92605fb3aaf4ce4dcd75b887d605f0ad4f44bfa5fa2fcdc74bd5761c5e6e48de56ad

Download Submit
\Users\Admin\AppData\Local\Temp\1f70fc60687591d5ff2e7fe3dc460e80d8a0478f935885683a4eee1d1e97a0bd.exe

Filesize
1.3MB

MD5
71d270d125dec0f6a49dfdaf02c0b505

SHA1
c68b9e23d61096c04e0773a731ba7545cb4493a0

SHA256
c9503074a5cf903cae2382160c42684ad95da2728cd5517efcd27ed8cf3dfcd3

SHA512
9fe662fb44536bd81d01c559075339fa6868026d0eaaaf17f98c7b141fe699bee3d65bfce7b874e8f76fe659f09aaebacd83171b1766c7e0660623255647fa09

Download Submit
\Users\Admin\AppData\Local\Temp\1f70fc60687591d5ff2e7fe3dc460e80d8a0478f935885683a4eee1d1e97a0bd.exe

Filesize
1.3MB

MD5
4f57225f2722eb0b47c62d383e1115ce

SHA1
e54a40655029a685de5ac115c454863efa279c46

SHA256
73d469b28bd67c4e226a28965c50ad75ad8928455d1563ac7ed91da2844092a6

SHA512
7a8c077fa7591c7bab53f312467f19e7e174aed222066c957a42638cec8b64168e9668173076fd6da6817adb6e5cc0dbf287a0e02a646ee167b233d63447cb4f

Download Submit
\Users\Admin\AppData\Local\Temp\1f70fc60687591d5ff2e7fe3dc460e80d8a0478f935885683a4eee1d1e97a0bd.exe

Filesize
1.3MB

MD5
e63de5853c46f015c69b2848d918a45f

SHA1
7014ca54c03c56c50e3d5a1890b6535e4aba0b17

SHA256
65a8b36b68212697763cd103c7be14c24a159f813300ea0f9aee9bfab42827d3

SHA512
769789f6d2e956c1860641be13276219d2fa0fcaea37c39ebd8a13bd1fa931e0da174c99f17e9733f87813fcc57f1ef9164d7015583c0480f9f43625ea8fa1a1

Download Submit
\Users\Admin\AppData\Local\Temp\1f70fc60687591d5ff2e7fe3dc460e80d8a0478f935885683a4eee1d1e97a0bd.exe

Filesize
1.2MB

MD5
c8093f89411bcd1ee5c2c5367f782910

SHA1
3c6f8e1f3c0e7af6e00f22c0ea513fb538c52c68

SHA256
5b510088093eb919131e3315b56303b9c4dd234109196ba2a02a3fcf8e321fcf

SHA512
8e501c086ac35217b09a55b52e1347228a350d65281e9ee45b459f0f28cc9b4131c7c80c89fee0a09b926cc8934bc1d70d6b948e61a77600e6127ca4b9201738

Download Submit
\Users\Admin\AppData\Local\Temp\1f70fc60687591d5ff2e7fe3dc460e80d8a0478f935885683a4eee1d1e97a0bd.exe

Filesize
1.1MB

MD5
11d71b1f22871874021d8ab6931fd28e

SHA1
64f790765c640dde9ddc100e3b90144c89654bea

SHA256
28ea0f5e201540e75db03b067f01e8aadc527dfc238f374f6a18375ccbba31e9

SHA512
558e6c25042440c40352070448cdfb896216db8bd75bc1b119b8677567e5e8b466d076e40e7a257334a026e6b2e1ee5b2f5586e5bcd88cfccbd6a0ea8aae2184

Download Submit
\Users\Admin\AppData\Local\Temp\1f70fc60687591d5ff2e7fe3dc460e80d8a0478f935885683a4eee1d1e97a0bd.exe

Filesize
1.7MB

MD5
42cd5684b48ee09d381f6dd6eeb51df1

SHA1
4d1d477de81533a84b1b02bb95aefca6199ddc20

SHA256
7931a83fd72458a49f388d4acd9f86aa2e3fbe592038c002ee54d716648e5c2e

SHA512
3be7e74832ef56f95f678cea0c90ea8692270027b26da7835c6d1cc288af749a8de4d893f6684b5d2036ff244bf5e15b480504bd932386b2238f81677ddc8c37

Download Submit
memory/2920-4-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2920-7-0x0000000000400000-0x0000000000D35000-memory.dmp

Filesize
9.2MB

Download
memory/2920-8-0x0000000077BF0000-0x0000000077BF1000-memory.dmp

Filesize
4KB

Download
memory/2920-6-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2920-0-0x0000000000400000-0x0000000000D35000-memory.dmp

Filesize
9.2MB

Download
memory/2920-3-0x0000000000400000-0x0000000000D35000-memory.dmp

Filesize
9.2MB

Download
memory/2920-1-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2920-18-0x0000000000400000-0x0000000000D35000-memory.dmp

Filesize
9.2MB

Download

Analysis

Sharing