Analysis

  • max time kernel
    16s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10-09-2024 17:42

General

  • Target

    Testing/EAX Console.exe

  • Size

    64KB

  • MD5

    f6f079a2d265f5b5db3f5b80b1b0ca2d

  • SHA1

    4124af9c2a1e96af3a652c521bb3cb8137d71614

  • SHA256

    846d613708c1455f40fd93345aec0e05f344c586e7bc150850c46f65c4b26d79

  • SHA512

    f159959a62b9151a93f9d5fe2e226416404217560299a746dcbdb2c39c6cc94e01e74ad72cf14e6246e211fa2e7fd1d1233cad149b067af086fe167e23167b85

  • SSDEEP

    1536:XvPvls2TPEld7qIe/iaQwJOi0GmNKh56aQwJOiw:XvPvZT873O/Qr5rKh9QrF

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Testing\EAX Console.exe
    "C:\Users\Admin\AppData\Local\Temp\Testing\EAX Console.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1056
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 636
      2⤵
      • Program crash
      PID:2216

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1056-0-0x0000000073F7E000-0x0000000073F7F000-memory.dmp

    Filesize

    4KB

  • memory/1056-1-0x00000000003F0000-0x0000000000406000-memory.dmp

    Filesize

    88KB

  • memory/1056-2-0x0000000073F70000-0x000000007465E000-memory.dmp

    Filesize

    6.9MB

  • memory/1056-3-0x0000000073F7E000-0x0000000073F7F000-memory.dmp

    Filesize

    4KB

  • memory/1056-4-0x0000000073F70000-0x000000007465E000-memory.dmp

    Filesize

    6.9MB