f257079c92aa43ff5e8e30911c430f993c87250f360404a0f5f8d9320e204bb1

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
03/08/2024, 01:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f257079c92aa43ff5e8e30911c430f993c87250f360404a0f5f8d9320e204bb1.exe
Size

140.2MB
MD5

d16737f8a5e394c3d727bc6bec6bfd6e
SHA1

d522533fef933587487f3e4368bfd69add39db48
SHA256

f257079c92aa43ff5e8e30911c430f993c87250f360404a0f5f8d9320e204bb1
SHA512

d9d2f7fc3c4964aa37d1a8aed716997842d3298d8d2dd911e26977ecdfb2e9402dcc310c524a3f9b9e258feff9be6407ab8e7f5f5557046b7921bc78363f9ae4
SSDEEP

786432:fRfxSUEGnonETVcKPq2gGcOCAdaO0s4BDLdS+DxzgTtLwSTRpf4P1wT1e8aK:fPSn0VzHcOgzNNdB87

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2596	1664	f257079c92aa43ff5e8e30911c430f993c87250f360404a0f5f8d9320e204bb1.exe	31
PID 1664 wrote to memory of 2596	1664	f257079c92aa43ff5e8e30911c430f993c87250f360404a0f5f8d9320e204bb1.exe	31
PID 1664 wrote to memory of 2596	1664	f257079c92aa43ff5e8e30911c430f993c87250f360404a0f5f8d9320e204bb1.exe	31

C:\Users\Admin\AppData\Local\Temp\f257079c92aa43ff5e8e30911c430f993c87250f360404a0f5f8d9320e204bb1.exe
"C:\Users\Admin\AppData\Local\Temp\f257079c92aa43ff5e8e30911c430f993c87250f360404a0f5f8d9320e204bb1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1664 -s 664
  2⤵
  PID:2596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1664-0-0x0000000180000000-0x0000000180A25000-memory.dmp

Filesize
10.1MB

Download
memory/1664-7-0x000000014032E000-0x000000014032F000-memory.dmp

Filesize
4KB

Download
memory/1664-3-0x0000000000650000-0x00000000006A9000-memory.dmp

Filesize
356KB

Download
memory/1664-10-0x0000000023050000-0x0000000023278000-memory.dmp

Filesize
2.2MB

Download
memory/1664-6-0x0000000024050000-0x0000000024FD8000-memory.dmp

Filesize
15.5MB

Download
memory/1664-13-0x0000000022B30000-0x0000000022C8E000-memory.dmp

Filesize
1.4MB

Download
memory/1664-28-0x0000000000180000-0x000000000018D000-memory.dmp

Filesize
52KB

Download
memory/1664-25-0x00000000228F0000-0x0000000022970000-memory.dmp

Filesize
512KB

Download
memory/1664-34-0x0000000001EF0000-0x0000000001F03000-memory.dmp

Filesize
76KB

Download
memory/1664-55-0x0000000001F30000-0x0000000001F39000-memory.dmp

Filesize
36KB

Download
memory/1664-52-0x0000000022EF0000-0x0000000022F02000-memory.dmp

Filesize
72KB

Download
memory/1664-61-0x0000000023850000-0x00000000238F2000-memory.dmp

Filesize
648KB

Download
memory/1664-58-0x0000000023970000-0x0000000023A84000-memory.dmp

Filesize
1.1MB

Download
memory/1664-49-0x0000000002290000-0x00000000022A8000-memory.dmp

Filesize
96KB

Download
memory/1664-46-0x0000000022970000-0x00000000229B0000-memory.dmp

Filesize
256KB

Download
memory/1664-43-0x00000000020E0000-0x00000000020F6000-memory.dmp

Filesize
88KB

Download
memory/1664-40-0x00000000020C0000-0x00000000020D9000-memory.dmp

Filesize
100KB

Download
memory/1664-37-0x0000000001ED0000-0x0000000001ED7000-memory.dmp

Filesize
28KB

Download
memory/1664-31-0x0000000000170000-0x0000000000175000-memory.dmp

Filesize
20KB

Download
memory/1664-22-0x0000000024FE0000-0x0000000025822000-memory.dmp

Filesize
8.3MB

Download
memory/1664-19-0x0000000000410000-0x000000000044E000-memory.dmp

Filesize
248KB

Download
memory/1664-16-0x0000000001DE0000-0x0000000001E24000-memory.dmp

Filesize
272KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads