3c836644d302fb352cecd7a7831809694eda0273406fb440e568e74f2cfc5d9c

General

Target

3c836644d302fb352cecd7a7831809694eda0273406fb440e568e74f2cfc5d9c.exe
Size

32KB
MD5

39778e34740c753686317424739cf885
SHA1

5f9bada0cddd099b23148b1ddf5540f4061d4bc2
SHA256

3c836644d302fb352cecd7a7831809694eda0273406fb440e568e74f2cfc5d9c
SHA512

8dd071e4ae3ac48e4ab9e4c4d47ac53595ff49d30de92a002e62251d3d8382e19a498cf3f13bb6209100eb1eca3ea4920e65321dd224e3fe70a3126a23527ce5

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

svchost.exesvchost.exesvchost.exe

pid process

388 svchost.exe
4204 svchost.exe
4244 svchost.exe

pid	process
388	svchost.exe
4204	svchost.exe
4244	svchost.exe

Drops file in Windows directory 2 IoCs

Processes:

3c836644d302fb352cecd7a7831809694eda0273406fb440e568e74f2cfc5d9c.exe

description	ioc	process
File created	C:\Windows\svchost.exe	3c836644d302fb352cecd7a7831809694eda0273406fb440e568e74f2cfc5d9c.exe
File opened for modification	C:\Windows\svchost.exe	3c836644d302fb352cecd7a7831809694eda0273406fb440e568e74f2cfc5d9c.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4268 388 WerFault.exe svchost.exe

pid	pid_target	process	target process
4268	388	WerFault.exe	svchost.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

svchost.exe

description	pid	process	target process
PID 388 wrote to memory of 4204	388	svchost.exe	svchost.exe
PID 388 wrote to memory of 4204	388	svchost.exe	svchost.exe
PID 388 wrote to memory of 4204	388	svchost.exe	svchost.exe
PID 388 wrote to memory of 4244	388	svchost.exe	svchost.exe
PID 388 wrote to memory of 4244	388	svchost.exe	svchost.exe
PID 388 wrote to memory of 4244	388	svchost.exe	svchost.exe

C:\Users\Admin\AppData\Local\Temp\3c836644d302fb352cecd7a7831809694eda0273406fb440e568e74f2cfc5d9c.exe
"C:\Users\Admin\AppData\Local\Temp\3c836644d302fb352cecd7a7831809694eda0273406fb440e568e74f2cfc5d9c.exe"
1⤵
- Drops file in Windows directory
PID:692

C:\Windows\svchost.exe
C:\Windows\svchost.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:388
- C:\Windows\svchost.exe
  C:\Windows\svchost.exe Win7
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\svchost.exe
  C:\Windows\svchost.exe Win7
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 368
  2⤵
  - Program crash
  PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 388 -ip 388
1⤵
PID:2724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\svchost.exe

Filesize
32KB

MD5
39778e34740c753686317424739cf885

SHA1
5f9bada0cddd099b23148b1ddf5540f4061d4bc2

SHA256
3c836644d302fb352cecd7a7831809694eda0273406fb440e568e74f2cfc5d9c

SHA512
8dd071e4ae3ac48e4ab9e4c4d47ac53595ff49d30de92a002e62251d3d8382e19a498cf3f13bb6209100eb1eca3ea4920e65321dd224e3fe70a3126a23527ce5

Download Submit
C:\Windows\svchost.exe

Filesize
32KB

MD5
39778e34740c753686317424739cf885

SHA1
5f9bada0cddd099b23148b1ddf5540f4061d4bc2

SHA256
3c836644d302fb352cecd7a7831809694eda0273406fb440e568e74f2cfc5d9c

SHA512
8dd071e4ae3ac48e4ab9e4c4d47ac53595ff49d30de92a002e62251d3d8382e19a498cf3f13bb6209100eb1eca3ea4920e65321dd224e3fe70a3126a23527ce5

Download Submit
C:\Windows\svchost.exe

Filesize
32KB

MD5
39778e34740c753686317424739cf885

SHA1
5f9bada0cddd099b23148b1ddf5540f4061d4bc2

SHA256
3c836644d302fb352cecd7a7831809694eda0273406fb440e568e74f2cfc5d9c

SHA512
8dd071e4ae3ac48e4ab9e4c4d47ac53595ff49d30de92a002e62251d3d8382e19a498cf3f13bb6209100eb1eca3ea4920e65321dd224e3fe70a3126a23527ce5

Download Submit
C:\Windows\svchost.exe

Filesize
32KB

MD5
39778e34740c753686317424739cf885

SHA1
5f9bada0cddd099b23148b1ddf5540f4061d4bc2

SHA256
3c836644d302fb352cecd7a7831809694eda0273406fb440e568e74f2cfc5d9c

SHA512
8dd071e4ae3ac48e4ab9e4c4d47ac53595ff49d30de92a002e62251d3d8382e19a498cf3f13bb6209100eb1eca3ea4920e65321dd224e3fe70a3126a23527ce5

Download Submit
memory/4204-132-0x0000000000000000-mapping.dmp

Download
memory/4244-134-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads