Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-05-2024 13:22

General

  • Target

    fb49b50c0d470063e9548552158ebf5137ca285f8cf0ccfe1a2ef2d44bbb4390.exe

  • Size

    333KB

  • MD5

    2fb6f6336ba7ce88d3c3ae8a9b3dc103

  • SHA1

    487a88ca63f36cfbddfd57a8e9c8f9c952e78a91

  • SHA256

    fb49b50c0d470063e9548552158ebf5137ca285f8cf0ccfe1a2ef2d44bbb4390

  • SHA512

    3c36c4746deff2be3d3f0f2642ca01372e114adae928ef4f5ffbc47f579633758188a8dfa47d82f75d920cdef1785427627a79422a3a829910801009f0c6478e

  • SSDEEP

    6144:El5wh/1gr+64UHVXwDMsFGbr195RQyghl1C1bq+C9hfCgH8fGQFG6M+0Xp:EHrr+64UHV6DygP1C1b5SC/fGl6h0Xp

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb49b50c0d470063e9548552158ebf5137ca285f8cf0ccfe1a2ef2d44bbb4390.exe
    "C:\Users\Admin\AppData\Local\Temp\fb49b50c0d470063e9548552158ebf5137ca285f8cf0ccfe1a2ef2d44bbb4390.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 52
      2⤵
      • Program crash
      PID:3016

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2196-0-0x0000000000030000-0x0000000000031000-memory.dmp

    Filesize

    4KB

  • memory/2196-1-0x0000000000030000-0x0000000000031000-memory.dmp

    Filesize

    4KB