Overview

overview

8

Static

static

8

cab604f8e9...a0.exe

windows7-x64

8

cab604f8e9...a0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    167s
  • max time network
    174s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2022, 21:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cab604f8e98e47a5b8124b7ca92f1454ab13b12a4aa734595713c148540079a0.exe

  • Size

    50KB

  • MD5

    fe94c6479d735d918e34b4befc34f7ef

  • SHA1

    162bbd90bb1875271d85e803bbcb04ae99f517a2

  • SHA256

    cab604f8e98e47a5b8124b7ca92f1454ab13b12a4aa734595713c148540079a0

  • SHA512

    a07cca6c22a0548c95d0162cc9f0d292d4fcd80f79178fc1332c600fe61a9c4f449f9f8d9b582e793520f6bc8b931dc939ee8c4983a0df289fec6c0c87e85daa

  • SSDEEP

    1536:Sq0tNHSFbLLlpB23o+qJm6YzX2IvKmLvY:mnGbLhKoHHY6IfLv

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cab604f8e98e47a5b8124b7ca92f1454ab13b12a4aa734595713c148540079a0.exe
    "C:\Users\Admin\AppData\Local\Temp\cab604f8e98e47a5b8124b7ca92f1454ab13b12a4aa734595713c148540079a0.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1884
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
        PID:3632
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 280
          3⤵
          • Program crash
          PID:4916
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 276
          3⤵
          • Program crash
          PID:2088
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 3632 -ip 3632
      1⤵
        PID:2056
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3632 -ip 3632
        1⤵
          PID:1044

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1884-133-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

          Download

        • memory/3632-134-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

          Download