Overview

overview

10

Static

static

10

70b278b5e0...in.exe

windows7_x64

1

70b278b5e0...in.exe

windows10-2004_x64

3

Resubmissions

08-06-2022 08:46

220608-kpajpseecn 10

01-06-2022 16:57

220601-vgpnrsafh7 10

Analysis

  • max time kernel
    226s
  • max time network
    294s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    01-06-2022 16:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    70b278b5e01f7cc409a112892e8f2ff243afa0d0815d060e31a813ba24316d37.bin.exe

  • Size

    413KB

  • MD5

    7540c893f18b33b0e4d6a1fba417ab0e

  • SHA1

    5c7746c6f8f13eb18ecd41ea3ecd4b5de51e3519

  • SHA256

    70b278b5e01f7cc409a112892e8f2ff243afa0d0815d060e31a813ba24316d37

  • SHA512

    e9d8b20516b8083df1e35ac0be4fd5491a0cf450bf152f8c8d0b9776d3536c1f0249b3d8af09ca575a734d0552ea90e62410b1cb24a1f423cc72b72f9878e473

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\70b278b5e01f7cc409a112892e8f2ff243afa0d0815d060e31a813ba24316d37.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\70b278b5e01f7cc409a112892e8f2ff243afa0d0815d060e31a813ba24316d37.bin.exe"
    1⤵
      PID:4628
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 320
        2⤵
        • Program crash
        PID:4152
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 164
        2⤵
        • Program crash
        PID:432
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4628 -ip 4628
      1⤵
        PID:4004
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4628 -ip 4628
        1⤵
          PID:4384
        • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
          "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\StopBlock.doc" /o ""
          1⤵
          • Checks processor information in registry
          • Enumerates system info in registry
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious use of SetWindowsHookEx
          PID:1688

        Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1688-130-0x00007FF801710000-0x00007FF801720000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1688-131-0x00007FF801710000-0x00007FF801720000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1688-132-0x00007FF801710000-0x00007FF801720000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1688-133-0x00007FF801710000-0x00007FF801720000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1688-134-0x00007FF801710000-0x00007FF801720000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1688-135-0x00007FF7FF2E0000-0x00007FF7FF2F0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1688-136-0x00007FF7FF2E0000-0x00007FF7FF2F0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1688-138-0x00007FF801710000-0x00007FF801720000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1688-139-0x00007FF801710000-0x00007FF801720000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1688-140-0x00007FF801710000-0x00007FF801720000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1688-141-0x00007FF801710000-0x00007FF801720000-memory.dmp

          Filesize

          64KB

          Download