e0b7c23920e0dbb946862fbbbdd55bf2fd400e654c352d7e5d46b250fbfc20d6

Analysis

max time kernel
49s
max time network
175s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
19/09/2022, 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0b7c23920e0dbb946862fbbbdd55bf2fd400e654c352d7e5d46b250fbfc20d6.exe
Size

2.0MB
MD5

4b2f52a5a9d6f4fbe5839cdeba0780fb
SHA1

eae2e0e28d503d2add491d00105e5ea72606aeb8
SHA256

e0b7c23920e0dbb946862fbbbdd55bf2fd400e654c352d7e5d46b250fbfc20d6
SHA512

384490a7c9dcaf3139f5cc9e253eb914dec1a1c15b860ad53322082118a36727bfb9f267fb6709410f93b8c113ec52c4ad287882b1abef5b720e1952eeced28c
SSDEEP

49152:eBKnLQEGjYIDTI2ePP4Qudz7XxlhcJj9NX9qCWpCS:eBvjYIPI2evudhlGJo9pN

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2208	e0b7c23920e0dbb946862fbbbdd55bf2fd400e654c352d7e5d46b250fbfc20d6.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2824	2208	WerFault.exe	65

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task

T1053

pid	Process
4704	schtasks.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2208	e0b7c23920e0dbb946862fbbbdd55bf2fd400e654c352d7e5d46b250fbfc20d6.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 4704	2208	e0b7c23920e0dbb946862fbbbdd55bf2fd400e654c352d7e5d46b250fbfc20d6.exe	66
PID 2208 wrote to memory of 4704	2208	e0b7c23920e0dbb946862fbbbdd55bf2fd400e654c352d7e5d46b250fbfc20d6.exe	66
PID 2208 wrote to memory of 4704	2208	e0b7c23920e0dbb946862fbbbdd55bf2fd400e654c352d7e5d46b250fbfc20d6.exe	66
PID 2208 wrote to memory of 4192	2208	e0b7c23920e0dbb946862fbbbdd55bf2fd400e654c352d7e5d46b250fbfc20d6.exe	68
PID 2208 wrote to memory of 4192	2208	e0b7c23920e0dbb946862fbbbdd55bf2fd400e654c352d7e5d46b250fbfc20d6.exe	68
PID 2208 wrote to memory of 4192	2208	e0b7c23920e0dbb946862fbbbdd55bf2fd400e654c352d7e5d46b250fbfc20d6.exe	68

C:\Users\Admin\AppData\Local\Temp\e0b7c23920e0dbb946862fbbbdd55bf2fd400e654c352d7e5d46b250fbfc20d6.exe
"C:\Users\Admin\AppData\Local\Temp\e0b7c23920e0dbb946862fbbbdd55bf2fd400e654c352d7e5d46b250fbfc20d6.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\SysWOW64\schtasks.exe
  /C /create /F /sc minute /mo 5 /tn "Event Viewer Snap-in Launcher (29762912)" /tr "C:\Users\Admin\AppData\Roaming\EventViewer\eventvwr.exe"
  2⤵
  - Creates scheduled task(s)
  PID:4704
- C:\Windows\SysWOW64\schtasks.exe
  /C /Query /XML /TN "Event Viewer Snap-in Launcher (29762912)"
  2⤵
  PID:4192
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 692
  2⤵
  - Program crash
  PID:2824

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2208-154-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-129-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-122-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-123-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-124-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-125-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-120-0x0000000001090000-0x00000000019DC000-memory.dmp

Filesize
9.3MB

Download
memory/2208-127-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-128-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-156-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-130-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-131-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-132-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-133-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-134-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-135-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-136-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-137-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-138-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-139-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-140-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-141-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-142-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-143-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-144-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-145-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-146-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-147-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-148-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-149-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-150-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-151-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-152-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-153-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-126-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-197-0x000000007DC00000-0x000000007DFD1000-memory.dmp

Filesize
3.8MB

Download
memory/2208-121-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-157-0x000000007DC00000-0x000000007DFD1000-memory.dmp

Filesize
3.8MB

Download
memory/2208-158-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2208-196-0x0000000001090000-0x00000000019DC000-memory.dmp

Filesize
9.3MB

Download
memory/2208-155-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-180-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-181-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-182-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-179-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-186-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-184-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-183-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-187-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4192-185-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4704-163-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4704-170-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4704-168-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4704-166-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4704-165-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4704-164-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4704-172-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4704-169-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4704-162-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4704-167-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4704-161-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4704-171-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4704-160-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4704-173-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4704-174-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4704-175-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4704-176-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/4704-177-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads