Overview

overview

6

Static

static

82e9f49919...46.exe

windows7-x64

6

82e9f49919...46.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    139s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-09-2022 12:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    82e9f4991932a5c932463586377e81ec4a03b6898e3743ac4849ce55b3d64d46.exe

  • Size

    796KB

  • MD5

    971d463b2829bd001c069c2f26e1b719

  • SHA1

    d21a2f0b6ffe96be321cc31314aa297a5bc719da

  • SHA256

    82e9f4991932a5c932463586377e81ec4a03b6898e3743ac4849ce55b3d64d46

  • SHA512

    5e2cf69daaf0b466b4ca174faddb3b0cfbbd28b28a16493fd006b16536c7162b99f5be9b971c57b2e3bbb270c5d32370d2e5351ca2a1a90b2e3940335edf6e65

  • SSDEEP

    6144:RVmVEiEpeHtSPfyYrIcL7G6rEZ970dZfZkSWxurIfg/:RV24eHCRtFYZ970dZZkSWgr/

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\82e9f4991932a5c932463586377e81ec4a03b6898e3743ac4849ce55b3d64d46.exe
    "C:\Users\Admin\AppData\Local\Temp\82e9f4991932a5c932463586377e81ec4a03b6898e3743ac4849ce55b3d64d46.exe"
    1⤵
    • Adds Run key to start application
    • Checks SCSI registry key(s)
    PID:4328
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 396
      2⤵
      • Program crash
      PID:2848
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4328 -ip 4328
    1⤵
      PID:2548

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4328-132-0x00000000005F0000-0x0000000000637000-memory.dmp

      Filesize

      284KB

      Download

    • memory/4328-133-0x0000000002500000-0x0000000002571000-memory.dmp

      Filesize

      452KB

      Download

    • memory/4328-134-0x00000000005F0000-0x0000000000637000-memory.dmp

      Filesize

      284KB

      Download