Overview

overview

7

Static

static

7b9ac14b26...94.exe

windows7-x64

7

7b9ac14b26...94.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-09-2022 10:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7b9ac14b26a3fbef7acf2f6718fd74de2c8ece221d31f11b27db278f79cb1194.exe

  • Size

    45KB

  • MD5

    e0ddc5a92588944321f3511bf9604871

  • SHA1

    f79068d7347f89b63f1bf837fd6ecd7c3d527a94

  • SHA256

    7b9ac14b26a3fbef7acf2f6718fd74de2c8ece221d31f11b27db278f79cb1194

  • SHA512

    732a54d0038e8c79230c38a14ab10247903a9298df518720f32e8f3a9546a411b8feeb3ccee37b15af66b46c9a9eee4831bf9a1de958da808ccf34a6f1599ae7

  • SSDEEP

    384:/TqAGvv+2smXWnECTiJgpS08tEnkphMFNbaX32llzT7E3RXYbNFCBpHD/4nKi8h2:/gR82gIQiSNbaX32llzT7gRcEdwY1ce

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b9ac14b26a3fbef7acf2f6718fd74de2c8ece221d31f11b27db278f79cb1194.exe
    "C:\Users\Admin\AppData\Local\Temp\7b9ac14b26a3fbef7acf2f6718fd74de2c8ece221d31f11b27db278f79cb1194.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1340
    • C:\Users\Admin\AppData\Local\Temp\7b9ac14b26a3fbef7acf2f6718fd74de2c8ece221d31f11b27db278f79cb1194.exe
      "C:\Users\Admin\AppData\Local\Temp\7b9ac14b26a3fbef7acf2f6718fd74de2c8ece221d31f11b27db278f79cb1194.exe"
      2⤵
        PID:5008
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 328
          3⤵
          • Program crash
          PID:4128
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5008 -ip 5008
      1⤵
        PID:3948

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\gNE1LG7MG8LAf6f.txt
        Filesize

        2KB

        MD5

        25a0e6a2590df6b5edefa0f51d214261

        SHA1

        8bbd2395db43b9838626eda00ca0acf6e822b94d

        SHA256

        3b979d97345639f940b7ac6231e25ae41cdaf7f6d851f482f3be4a6aeb8007d6

        SHA512

        c892cea34b5d68c293b8d8e71ad24d8a33094d0a7ca182c7931bc2f0a2c654c134269f3112e2902fa2f18b9c29e1d1288c141928944b0958e198bed941af8afb

        Download Submit

      • memory/5008-136-0x0000000000400000-0x0000000000404000-memory.dmp

        Filesize

        16KB

        Download

      • memory/5008-138-0x0000000000400000-0x0000000000404000-memory.dmp

        Filesize

        16KB

        Download