03ba86d736891524f8ac2ac62af1ea24d363135f6d6620d1fe6d44be4fce4026 | Triage

Analysis

max time kernel
172s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
31-08-2022 19:34

Sharing

Report Analysis Logs

General

Target

firebreak.exe
Size

136KB
MD5

83b4307f961697ff5f526238d5c82135
SHA1

319fd1a201eff602bee75e6997aa438d4cc1f552
SHA256

03ba86d736891524f8ac2ac62af1ea24d363135f6d6620d1fe6d44be4fce4026
SHA512

7cc25a8c016a8a25d9f736634f1701f9f58b2c620b5a2fc21f1d24fae82356e9a69f587c1306d50983eb19a386598ea584ae83a4952e87509aaeeb1a6b9ce282
SSDEEP

1536:cJA/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoVioSGZVmJ5mQNZR4rs:cOZTkLfhjFSiO3oseGwrs

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1628	2652	WerFault.exe	80

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2652	firebreak.exe

C:\Users\Admin\AppData\Local\Temp\firebreak.exe
"C:\Users\Admin\AppData\Local\Temp\firebreak.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2652
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 464
  2⤵
  - Program crash
  PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2652 -ip 2652
1⤵
PID:3980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads