Analysis
-
max time kernel
121s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22/03/2025, 06:17
General
-
Target
d5b7e88e919915c58afbaad1d7cb2531.exe
-
Size
700KB
-
MD5
d5b7e88e919915c58afbaad1d7cb2531
-
SHA1
fab14c9ad635911f61b1050b2ada480e9936ca59
-
SHA256
9462494ac0129d85ae5d2f24597fc4a424f05fa5651513def1c77ddf66b01374
-
SHA512
e2a090a2c046e508db11b73d963fe85a644ecad8f380d6f4a9f75c972c2cd60c7295359c85c0cb0407b67a87ec52fa1a31dccc34619c848f2234b5d562c6d293
-
SSDEEP
12288:fiBqAJsZ6xFR0yJCjD4wjqSGyVm0YpAxRZGgkdoXAk12grWa7CmWgiWMFMa:fQQExFa2uUwjqSGywdGjZrkdcAkrrCjm
Score
5/10
Malware Config
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d5b7e88e919915c58afbaad1d7cb2531.exe"C:\Users\Admin\AppData\Local\Temp\d5b7e88e919915c58afbaad1d7cb2531.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\d5b7e88e919915c58afbaad1d7cb2531.exe"C:\Users\Admin\AppData\Local\Temp\d5b7e88e919915c58afbaad1d7cb2531.exe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 363⤵
- Program crash
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
284KB
-
Filesize
284KB
-
Filesize
3.0MB
-
Filesize
284KB
-
Filesize
284KB
-
Filesize
284KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
6.9MB
-
Filesize
584KB
-
Filesize
6.9MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
6.9MB
-
Filesize
728KB