9787fca684da468df06893ec26da08480ac0400fb7b55534ed3019b1afd1c564

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 17:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f587c01d7504d9c25650d9d0ff51a5f0N.exe
Size

69KB
MD5

f587c01d7504d9c25650d9d0ff51a5f0
SHA1

aa5b21fbdf947b5876aba74ae1790bc8c024a0d6
SHA256

9787fca684da468df06893ec26da08480ac0400fb7b55534ed3019b1afd1c564
SHA512

45d1bcbb3c14c835037014b7c629dfded892a4b160c6ada5b39ebd9c4c8dcb05120743149e59b2797f58fa30d4ab22c3684707eccb014b831b56e60ca3b8f960
SSDEEP

1536:gLXB65939t1HMg4sXJ83kYcrpOxGweAbpQNchwDoUS5:gLk39wYXJ8UYRxGeJ2U5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2396	1628	WerFault.exe	27

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 2396	1628	f587c01d7504d9c25650d9d0ff51a5f0N.exe	28
PID 1628 wrote to memory of 2396	1628	f587c01d7504d9c25650d9d0ff51a5f0N.exe	28
PID 1628 wrote to memory of 2396	1628	f587c01d7504d9c25650d9d0ff51a5f0N.exe	28
PID 1628 wrote to memory of 2396	1628	f587c01d7504d9c25650d9d0ff51a5f0N.exe	28
PID 1628 wrote to memory of 2396	1628	f587c01d7504d9c25650d9d0ff51a5f0N.exe	28
PID 1628 wrote to memory of 2396	1628	f587c01d7504d9c25650d9d0ff51a5f0N.exe	28
PID 1628 wrote to memory of 2396	1628	f587c01d7504d9c25650d9d0ff51a5f0N.exe	28

C:\Users\Admin\AppData\Local\Temp\f587c01d7504d9c25650d9d0ff51a5f0N.exe
"C:\Users\Admin\AppData\Local\Temp\f587c01d7504d9c25650d9d0ff51a5f0N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 432
  2⤵
  - Program crash
  PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...