Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    10/05/2024, 13:22 UTC

General

  • Target

    fb49b50c0d470063e9548552158ebf5137ca285f8cf0ccfe1a2ef2d44bbb4390.exe

  • Size

    333KB

  • MD5

    2fb6f6336ba7ce88d3c3ae8a9b3dc103

  • SHA1

    487a88ca63f36cfbddfd57a8e9c8f9c952e78a91

  • SHA256

    fb49b50c0d470063e9548552158ebf5137ca285f8cf0ccfe1a2ef2d44bbb4390

  • SHA512

    3c36c4746deff2be3d3f0f2642ca01372e114adae928ef4f5ffbc47f579633758188a8dfa47d82f75d920cdef1785427627a79422a3a829910801009f0c6478e

  • SSDEEP

    6144:El5wh/1gr+64UHVXwDMsFGbr195RQyghl1C1bq+C9hfCgH8fGQFG6M+0Xp:EHrr+64UHV6DygP1C1b5SC/fGl6h0Xp

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb49b50c0d470063e9548552158ebf5137ca285f8cf0ccfe1a2ef2d44bbb4390.exe
    "C:\Users\Admin\AppData\Local\Temp\fb49b50c0d470063e9548552158ebf5137ca285f8cf0ccfe1a2ef2d44bbb4390.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 52
      2⤵
      • Program crash
      PID:3016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2196-0-0x0000000000030000-0x0000000000031000-memory.dmp

    Filesize

    4KB

  • memory/2196-1-0x0000000000030000-0x0000000000031000-memory.dmp

    Filesize

    4KB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.