Overview

overview

10

Static

static

056b7eb0c0...69.exe

windows7_x64

10

056b7eb0c0...69.exe

windows10-2004_x64

8

Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    27-05-2022 17:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    056b7eb0c06645e1f51ed77f4fa18a4bed47135108371a84f0482f141ae0d769.exe

  • Size

    149KB

  • MD5

    44a81be517e01ab33abdba541a239b6e

  • SHA1

    2890c3be34e4189fe0a11b4e60ff2b3203fcdd2a

  • SHA256

    056b7eb0c06645e1f51ed77f4fa18a4bed47135108371a84f0482f141ae0d769

  • SHA512

    3361688b857d7e5db7fb5c9606a8e17c1487fb7e6dda9ed69d3c6c89ed94c51abb7e935971d35884bd71a8a55cc1bf436ea28997d404b50f91921895438515a0

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 3 IoCs
  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\056b7eb0c06645e1f51ed77f4fa18a4bed47135108371a84f0482f141ae0d769.exe
    "C:\Users\Admin\AppData\Local\Temp\056b7eb0c06645e1f51ed77f4fa18a4bed47135108371a84f0482f141ae0d769.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3300
    • C:\Windows\495060393034060\winsvcs.exe
      C:\Windows\495060393034060\winsvcs.exe
      2⤵
      • Executes dropped EXE
      PID:2280
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 528
        3⤵
        • Program crash
        PID:4828
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 588
      2⤵
      • Program crash
      PID:3956
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3300 -ip 3300
    1⤵
      PID:2468
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2280 -ip 2280
      1⤵
        PID:4768

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\495060393034060\winsvcs.exe
        Filesize

        149KB

        MD5

        44a81be517e01ab33abdba541a239b6e

        SHA1

        2890c3be34e4189fe0a11b4e60ff2b3203fcdd2a

        SHA256

        056b7eb0c06645e1f51ed77f4fa18a4bed47135108371a84f0482f141ae0d769

        SHA512

        3361688b857d7e5db7fb5c9606a8e17c1487fb7e6dda9ed69d3c6c89ed94c51abb7e935971d35884bd71a8a55cc1bf436ea28997d404b50f91921895438515a0

        Download Submit

      • C:\Windows\495060393034060\winsvcs.exe
        Filesize

        149KB

        MD5

        44a81be517e01ab33abdba541a239b6e

        SHA1

        2890c3be34e4189fe0a11b4e60ff2b3203fcdd2a

        SHA256

        056b7eb0c06645e1f51ed77f4fa18a4bed47135108371a84f0482f141ae0d769

        SHA512

        3361688b857d7e5db7fb5c9606a8e17c1487fb7e6dda9ed69d3c6c89ed94c51abb7e935971d35884bd71a8a55cc1bf436ea28997d404b50f91921895438515a0

        Download Submit

      • memory/2280-133-0x0000000000000000-mapping.dmp

        Download

      • memory/2280-136-0x00000000006F3000-0x00000000006F8000-memory.dmp

        Filesize

        20KB

        Download

      • memory/2280-137-0x00000000006F3000-0x00000000006F8000-memory.dmp

        Filesize

        20KB

        Download

      • memory/2280-138-0x0000000000400000-0x000000000042A000-memory.dmp

        Filesize

        168KB

        Download

      • memory/2280-140-0x0000000000400000-0x000000000042A000-memory.dmp

        Filesize

        168KB

        Download

      • memory/3300-130-0x00000000007D4000-0x00000000007D9000-memory.dmp

        Filesize

        20KB

        Download

      • memory/3300-131-0x00000000007D4000-0x00000000007D9000-memory.dmp

        Filesize

        20KB

        Download

      • memory/3300-132-0x0000000000400000-0x000000000042A000-memory.dmp

        Filesize

        168KB

        Download

      • memory/3300-139-0x0000000000400000-0x000000000042A000-memory.dmp

        Filesize

        168KB

        Download