Overview

overview

5

Static

static

407e3a7893...44.exe

windows7_x64

5

407e3a7893...44.exe

windows10-2004_x64

5

Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    08-07-2022 16:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    407e3a7893464719061c167066b9c6955a73a1f58281ab9b55323bbb123a0544.exe

  • Size

    1.1MB

  • MD5

    cd611e1f87a03308cd78e3d00643cc69

  • SHA1

    b152637db3b0630b00c223bb9a65eaa2edeba2ce

  • SHA256

    407e3a7893464719061c167066b9c6955a73a1f58281ab9b55323bbb123a0544

  • SHA512

    17df753c03bb63696c76c11dfd0901d85510b99e9c312bbc042f04b501b432377ce8d1749768eabeafac2af289cf52722648c2375fef81ee1fc2e40551a16512

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\407e3a7893464719061c167066b9c6955a73a1f58281ab9b55323bbb123a0544.exe
    "C:\Users\Admin\AppData\Local\Temp\407e3a7893464719061c167066b9c6955a73a1f58281ab9b55323bbb123a0544.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Users\Admin\AppData\Local\Temp\407e3a7893464719061c167066b9c6955a73a1f58281ab9b55323bbb123a0544.exe
      "C:\Users\Admin\AppData\Local\Temp\407e3a7893464719061c167066b9c6955a73a1f58281ab9b55323bbb123a0544.exe"
      2⤵
        PID:3408
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 540
          3⤵
          • Program crash
          PID:4124
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3408 -ip 3408
      1⤵
        PID:4224

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2064-132-0x00000000029E0000-0x00000000029E7000-memory.dmp

        Filesize

        28KB

        Download

      • memory/2064-134-0x00000000029E0000-0x00000000029E7000-memory.dmp

        Filesize

        28KB

        Download

      • memory/2064-135-0x00007FFB9AB10000-0x00007FFB9AD05000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2064-136-0x0000000076F70000-0x0000000077113000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3408-138-0x0000000000400000-0x00000000004DB000-memory.dmp

        Filesize

        876KB

        Download

      • memory/3408-137-0x0000000000400000-0x0000000000521000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/3408-148-0x00007FFB9AB10000-0x00007FFB9AD05000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3408-149-0x0000000076F70000-0x0000000077113000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3408-150-0x0000000000650000-0x0000000000657000-memory.dmp

        Filesize

        28KB

        Download

      • memory/3408-151-0x0000000076F70000-0x0000000077113000-memory.dmp

        Filesize

        1.6MB

        Download