Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    25-04-2024 02:07

General

  • Target

    70b933e76310295d4f74af8a60e3295561858d649366a3ae967c512e10427c73.exe

  • Size

    7.2MB

  • MD5

    c5ccf171be0afa6d9a1092bac9cb0b96

  • SHA1

    5a2fdbda3acb7a52152bc1472871f09d3624b2a1

  • SHA256

    70b933e76310295d4f74af8a60e3295561858d649366a3ae967c512e10427c73

  • SHA512

    748c36c8bedfa471b02ead81e0cb7b20e0b11f4b8d84360e8f72215b069ec8191e8ddbfa80d61ecbac404a0bc68d73be145013e44e581d1c5268782b1c87f7b2

  • SSDEEP

    98304:B7//YITF8r2n8TevxbFKVlXk34tZ+t4+aNG5Lhd+2G4Op0cN+hmdYkvsFLL6:B7//1xBVqvG5dQ2m0cN+hmdYkvsFLL6

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\70b933e76310295d4f74af8a60e3295561858d649366a3ae967c512e10427c73.exe
    "C:\Users\Admin\AppData\Local\Temp\70b933e76310295d4f74af8a60e3295561858d649366a3ae967c512e10427c73.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2280 -s 636
      2⤵
        PID:2872

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2280-1-0x000007FEF59E0000-0x000007FEF63CC000-memory.dmp

      Filesize

      9.9MB

    • memory/2280-0-0x000000013F2F0000-0x000000013FA1C000-memory.dmp

      Filesize

      7.2MB

    • memory/2280-2-0x000000001BE30000-0x000000001BEB0000-memory.dmp

      Filesize

      512KB

    • memory/2280-3-0x000007FEF59E0000-0x000007FEF63CC000-memory.dmp

      Filesize

      9.9MB

    • memory/2280-4-0x000000001BE30000-0x000000001BEB0000-memory.dmp

      Filesize

      512KB