Overview

overview

8

Static

static

winprofile

windows7-x64

8

winprofile

windows10-1703-x64

5

Analysis

  • max time kernel
    300s
  • max time network
    177s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    20/09/2022, 22:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f9a994e6e546c540ddb863a31066a483c5d8fc21478348ecf6a60c7bc8a01891.exe

  • Size

    2.2MB

  • MD5

    954b7677eb947236a313bd1fb0407067

  • SHA1

    77f87d4d8b12ba64b28cc8536ebf40dcec51f195

  • SHA256

    f9a994e6e546c540ddb863a31066a483c5d8fc21478348ecf6a60c7bc8a01891

  • SHA512

    1c1bbf76f125b922c3da154a781dc7a59aafb57362dd8a642a43a26d1fbbad463c9330c4f77c658c634b5064312d0888993d7384da88f9b303ce894ef8db6f1f

  • SSDEEP

    49152:2pS0zCZLl3G0u84DzZmg+rZhJQMJDh3IkyRusbg:2T2hDu84Bmhrz/JDh3IkyRr

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Program crash 1 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f9a994e6e546c540ddb863a31066a483c5d8fc21478348ecf6a60c7bc8a01891.exe
    "C:\Users\Admin\AppData\Local\Temp\f9a994e6e546c540ddb863a31066a483c5d8fc21478348ecf6a60c7bc8a01891.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Windows\SysWOW64\schtasks.exe
      /C /create /F /sc minute /mo 5 /tn "Event Viewer Snap-in Launcher (29762912)" /tr "C:\Users\Admin\AppData\Roaming\EventViewer\eventvwr.exe"
      2⤵
      • Creates scheduled task(s)
      PID:3780
    • C:\Windows\SysWOW64\schtasks.exe
      /C /Query /XML /TN "Event Viewer Snap-in Launcher (29762912)"
      2⤵
        PID:5048
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 688
        2⤵
        • Program crash
        PID:1512
    • C:\Users\Admin\AppData\Roaming\EventViewer\eventvwr.exe
      C:\Users\Admin\AppData\Roaming\EventViewer\eventvwr.exe
      1⤵
        PID:3412

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2016-120-0x00000000013B0000-0x0000000001D1D000-memory.dmp

        Filesize

        9.4MB

        Download

      • memory/2016-121-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-122-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-123-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-124-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-125-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-126-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-127-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-128-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-129-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-130-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-131-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-132-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-133-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-134-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-135-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-136-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-137-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-138-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-139-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-140-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-141-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-142-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-143-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-144-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-145-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-146-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-147-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-148-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-149-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-150-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-151-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-152-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-153-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-154-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-155-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-156-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-157-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2016-163-0x000000007E7A0000-0x000000007EB71000-memory.dmp

        Filesize

        3.8MB

        Download

      • memory/2016-175-0x00000000013B0000-0x0000000001D1D000-memory.dmp

        Filesize

        9.4MB

        Download

      • memory/3780-159-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3780-160-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3780-161-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3780-162-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3780-164-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3780-165-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3780-166-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3780-167-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3780-168-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3780-169-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3780-170-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3780-171-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3780-172-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3780-173-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3780-174-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3780-176-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3780-177-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3780-178-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/5048-180-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/5048-181-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/5048-182-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/5048-183-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/5048-184-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/5048-185-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/5048-186-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/5048-187-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/5048-188-0x0000000076FB0000-0x000000007713E000-memory.dmp

        Filesize

        1.6MB

        Download