Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
04/12/2024, 04:04
General
-
Target
ebcc0fc0252825206072a9fac8ea36c2edaa20d7efdebc35fdfe4aa6c356d9a8.exe
-
Size
547KB
-
MD5
289785d22ac3530633ca1cba953c9075
-
SHA1
7c18368ccd4d041c1ae0cf92abfe095ee65883f6
-
SHA256
ebcc0fc0252825206072a9fac8ea36c2edaa20d7efdebc35fdfe4aa6c356d9a8
-
SHA512
ed70954d2e91d184fa97a6a25e454ee3d4d1afe524944197f205b6911173020af86f503f1fdfc673f0d2bbc974e1eba3ea44ede9c5a79798c785155e61bb8f4f
-
SSDEEP
12288:V8rdnBlu0T855BfOr9cxv5swHW5AnlxJjWbDdwS/GahTZy+Pf5Tw2khhHIaxQA:VqZuqc5Er2xv5swZnl3jWBTZVf5Twthl
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ebcc0fc0252825206072a9fac8ea36c2edaa20d7efdebc35fdfe4aa6c356d9a8.exe"C:\Users\Admin\AppData\Local\Temp\ebcc0fc0252825206072a9fac8ea36c2edaa20d7efdebc35fdfe4aa6c356d9a8.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 522⤵
- Program crash
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
576KB
-
Filesize
576KB