Overview

overview

10

Static

static

008.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    28-06-2022 02:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    008.exe

  • Size

    319KB

  • MD5

    39fd75f0bb7b92981f00e277ded19951

  • SHA1

    315ce26971f6d2ab8d273911b9f1b4b80c8c55da

  • SHA256

    7c902b5da243bec90b83e4d68e4e8c097d1e36e9d9508c5095023f801440d977

  • SHA512

    73c151b76a6fa0731519b3551f4b8bcaad5108b225983b74e3af2081fa473b557d43a7771523cf91bc21941e620cf49361a501eb3a982156b882d075a8e5529a

Score
10/10
onlyloggerloader

Malware Config

Signatures

  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger
  • OnlyLogger Payload 2 IoCs
  • Program crash 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\008.exe
    "C:\Users\Admin\AppData\Local\Temp\008.exe"
    1⤵
      PID:1940
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 620
        2⤵
        • Program crash
        PID:1472
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 656
        2⤵
        • Program crash
        PID:3360
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 744
        2⤵
        • Program crash
        PID:4324
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 764
        2⤵
        • Program crash
        PID:2584
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 656
        2⤵
        • Program crash
        PID:5040
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 836
        2⤵
        • Program crash
        PID:1284
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 3748
        2⤵
        • Program crash
        PID:1708
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 1940 -ip 1940
      1⤵
        PID:2124
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1940 -ip 1940
        1⤵
          PID:720
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 396 -p 1940 -ip 1940
          1⤵
            PID:4344
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1940 -ip 1940
            1⤵
              PID:4400
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 1940 -ip 1940
              1⤵
                PID:4756
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1940 -ip 1940
                1⤵
                  PID:1540
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1940 -ip 1940
                  1⤵
                    PID:4072

                  Network

                  MITRE ATT&CK Matrix

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • memory/1940-130-0x00000000008D9000-0x00000000008F4000-memory.dmp
                    Filesize

                    108KB

                    Download
                  • memory/1940-131-0x0000000000890000-0x00000000008BD000-memory.dmp
                    Filesize

                    180KB

                    Download
                  • memory/1940-132-0x0000000000400000-0x0000000000848000-memory.dmp
                    Filesize

                    4.3MB

                    Download
                  • memory/1940-133-0x00000000008D9000-0x00000000008F4000-memory.dmp
                    Filesize

                    108KB

                    Download