fcc825b454f02b07064d57dd37ee6b597449c04b56883d7c073c571030cad500

Analysis

max time kernel
51s
max time network
147s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
18/09/2022, 15:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19658963328526236.exe
Size

2.1MB
MD5

dfe0ba123011bdca4de794f6f5509415
SHA1

b4260e4d3abadd70fc4377b0fd5e209e4a603deb
SHA256

fcc825b454f02b07064d57dd37ee6b597449c04b56883d7c073c571030cad500
SHA512

d10a018511d8176425de6abe3fd475eddd9c2ac411d6384e61a05ffe03a30e056a351c4340fa21479801fe9befd64d284d82d2854bdefc1a95c609b07d6ee4f4
SSDEEP

49152:aAxmajJyMYIFIT/O5U4ZUlplyKlFzYbxAB/Q:aA/VyMdFQqKvSiVQ

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2704	19658963328526236.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4384	2704	WerFault.exe	65

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task

T1053

pid	Process
3764	schtasks.exe
3900	schtasks.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2704	19658963328526236.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 3764	2704	19658963328526236.exe	66
PID 2704 wrote to memory of 3764	2704	19658963328526236.exe	66
PID 2704 wrote to memory of 3764	2704	19658963328526236.exe	66
PID 2704 wrote to memory of 4820	2704	19658963328526236.exe	68
PID 2704 wrote to memory of 4820	2704	19658963328526236.exe	68
PID 2704 wrote to memory of 4820	2704	19658963328526236.exe	68
PID 2704 wrote to memory of 3900	2704	19658963328526236.exe	70
PID 2704 wrote to memory of 3900	2704	19658963328526236.exe	70
PID 2704 wrote to memory of 3900	2704	19658963328526236.exe	70

C:\Users\Admin\AppData\Local\Temp\19658963328526236.exe
"C:\Users\Admin\AppData\Local\Temp\19658963328526236.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Windows\SysWOW64\schtasks.exe
  /C /create /F /sc minute /mo 5 /tn "Event Viewer Snap-in Launcher (29762912)" /tr "C:\Users\Admin\AppData\Roaming\EventViewer\eventvwr.exe"
  2⤵
  - Creates scheduled task(s)
  PID:3764
- C:\Windows\SysWOW64\schtasks.exe
  /C /Query /XML /TN "Event Viewer Snap-in Launcher (29762912)"
  2⤵
  PID:4820
- C:\Windows\SysWOW64\schtasks.exe
  /C /create /F /tn "Event Viewer Snap-in Launcher (29762912)" /XML "C:\Users\Admin\AppData\Roaming\EventViewer\tfnme73946158264.tmp"
  2⤵
  - Creates scheduled task(s)
  PID:3900
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 548
  2⤵
  - Program crash
  PID:4384

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\EventViewer\tfnme73946158264.tmp

Filesize
1KB

MD5
3b0643e9ab3dd4807b3dbfddc81465cb

SHA1
69d046375de332792721e5f4fbe76aaeab86a400

SHA256
7a475d44e2dca938fd547a6f32ebf50d342815e78863a5b082da9c75bf47fe18

SHA512
d8d0f9566aa73dc6084bedd1f39b8877486499342a18210914f3cc3c8b4e098c9dabf5da132384fe7f996356f6303ec116c1ac7974311576f4bcd733ddc4d109

Download Submit
memory/2704-115-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-116-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-117-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-118-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-119-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-120-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-121-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-122-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-123-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-125-0x0000000000990000-0x00000000012F9000-memory.dmp

Filesize
9.4MB

Download
memory/2704-126-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-124-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-127-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-128-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-129-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-130-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-131-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-132-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-133-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-134-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-135-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-136-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-137-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-138-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-139-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-140-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-141-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-142-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-143-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-144-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-145-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-146-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-147-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-148-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-149-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-150-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-151-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-152-0x000000007F300000-0x000000007F6D1000-memory.dmp

Filesize
3.8MB

Download
memory/2704-153-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2704-210-0x0000000000990000-0x00000000012F9000-memory.dmp

Filesize
9.4MB

Download
memory/2704-211-0x000000007F300000-0x000000007F6D1000-memory.dmp

Filesize
3.8MB

Download
memory/3764-155-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/3764-156-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/3764-157-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/3764-158-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/3764-159-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/3764-161-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/3764-160-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/3764-162-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/3764-163-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/3764-164-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/3764-166-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/3764-165-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/3764-167-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/3764-168-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/3764-169-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/3764-170-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/3764-171-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/3764-172-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/4820-174-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/4820-175-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/4820-176-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/4820-177-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/4820-178-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/4820-179-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/4820-180-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/4820-181-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/4820-182-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads