Analysis

  • max time kernel
    140s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    18/05/2024, 21:10

General

  • Target

    4ba9e0105a080cbb9cb9b547479e3cbec5c52b8ca39e1939b9f210389a8653d2.exe

  • Size

    894KB

  • MD5

    2137a17d91c13590a302d25e0d54039a

  • SHA1

    045c362c94ff15fc923f164a64639121e79b961b

  • SHA256

    4ba9e0105a080cbb9cb9b547479e3cbec5c52b8ca39e1939b9f210389a8653d2

  • SHA512

    af37a181d2fda473c73bc76ae3997e3dbb7e5a60d454803211be7a519aa8e513d8f45058191d123e21bc510397d0525f1f4b396d54d14423fffad543de2e529b

  • SSDEEP

    24576:Fs4e9k02lMgvVO4Zl3SMgI58BcGg2cvGj81rQGX5:FSk24Zl3SMgGCcGg2cvGj81rQGX5

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ba9e0105a080cbb9cb9b547479e3cbec5c52b8ca39e1939b9f210389a8653d2.exe
    "C:\Users\Admin\AppData\Local\Temp\4ba9e0105a080cbb9cb9b547479e3cbec5c52b8ca39e1939b9f210389a8653d2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 776
      2⤵
      • Program crash
      PID:2748

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2368-0-0x00000000003B0000-0x00000000003B1000-memory.dmp

          Filesize

          4KB

        • memory/2368-1-0x0000000000400000-0x00000000004E8000-memory.dmp

          Filesize

          928KB