Analysis
- max time kernel: 4294178s
- max time network: 157s
- platform: windows7_x64
- resource: win7-20220311-en
- submitted: 16-03-2022 07:58

Static task: static1
Behavioral task: behavioral1
Sample: copie de plata bancara.exe
Resource: win7-20220311-en (windows7_x64)
0 signatures, 0 seconds
General
- Target: copie de plata bancara.exe
- Size: 903KB
- MD5: d35d30f184393cacc394b8c51743348d
- SHA1: 961b5905a6d86a0f98b7f14a481c2f2ebebace3b
- SHA256: 3d5d161635b1d409b28564bb95c9006687b720caa5bfb6ed8679b87e889baf3a
- SHA512: aebf1d8771f475d28c57a709aaf3377a38b540221be3ef4fe6d0bbac8ebc20a8553e26cfae6532c38043e75079c4f5da37d586f6e96755f2d84af594d09d4119
Score: 6/10
Malware Config
Signatures
- Adds Run key to start application (2 TTPs, 1 IoC)
  Processes:
  description | ioc | process
  Set value (str) | \REGISTRY\USER\S-1-5-21-2199625441-3471261906-229485034-1000\Software\Microsoft\Windows\CurrentVersion\Run\Wexcjhp = "C:\\Users\\Public\\phjcxeW.url" | copie de plata bancara.exe
- Program crash (1 IoC)
  Processes:
  pid | pid_target | process | target process
  1504 | 2000 | WerFault.exe | logagent.exe
- Suspicious use of WriteProcessMemory (11 IoCs)
  Processes:
  description | pid | process | target process
  PID 1476 wrote to memory of 2000 | 1476 | copie de plata bancara.exe | logagent.exe (7 identical entries)
  PID 2000 wrote to memory of 1504 | 2000 | logagent.exe | WerFault.exe (4 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\copie de plata bancara.exe (level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\copie de plata bancara.exe"
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\logagent.exe (level 2)
    Command line: C:\Windows\System32\logagent.exe
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\WerFault.exe (level 3)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 140
      - Program crash
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/1476-54-0x0000000075BB1000-0x0000000075BB3000-memory.dmp (Filesize: 8KB)
- memory/1476-56-0x00000000003B0000-0x00000000003B1000-memory.dmp (Filesize: 4KB)
- memory/1476-58-0x0000000004906000-0x0000000004907000-memory.dmp (Filesize: 4KB)
- memory/2000-59-0x0000000072480000-0x00000000724AE000-memory.dmp (Filesize: 184KB)
- memory/2000-61-0x0000000000100000-0x0000000000101000-memory.dmp (Filesize: 4KB)