Overview

overview

8

Static

static

winprofile

windows7-x64

8

winprofile

windows10-1703-x64

8

Analysis

  • max time kernel
    299s
  • max time network
    184s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    21/09/2022, 10:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4e7a39e2f461ea256e7361e9ac7377ea8f082754e7640698ccf349df5af98972.exe

  • Size

    2.2MB

  • MD5

    1b72c735aa2a283dea732c51b159ef0f

  • SHA1

    6d6d4a832c4e1c3d058a23b98d88dc05592e5993

  • SHA256

    4e7a39e2f461ea256e7361e9ac7377ea8f082754e7640698ccf349df5af98972

  • SHA512

    acc6cc23825bef18626fb10afc4f268f99536276359a377a049cda730843a3b99573b81e3728e89ce4c4aadec3fadf925dd5cbe5b4ce1ef407c66ab71191a612

  • SSDEEP

    49152:1TSgc8bKieeH3g6m+aJ/O8lBO+1iVQ+ixu7RdZT:pSgcIw6m+aJ/O8lBOwZxu7lT

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
  • Program crash 1 IoCs
  • Creates scheduled task(s) 1 TTPs 3 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4e7a39e2f461ea256e7361e9ac7377ea8f082754e7640698ccf349df5af98972.exe
    "C:\Users\Admin\AppData\Local\Temp\4e7a39e2f461ea256e7361e9ac7377ea8f082754e7640698ccf349df5af98972.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2668
    • C:\Windows\SysWOW64\schtasks.exe
      /C /create /F /sc minute /mo 5 /tn "Event Viewer Snap-in Launcher (29762912)" /tr "C:\Users\Admin\AppData\Roaming\EventViewer\eventvwr.exe"
      2⤵
      • Creates scheduled task(s)
      PID:4412
    • C:\Windows\SysWOW64\schtasks.exe
      /C /create /F /tn "Event Viewer Snap-in Launcher (29762912)" /XML "C:\Users\Admin\AppData\Roaming\EventViewer\tfnme73946158264.tmp"
      2⤵
      • Creates scheduled task(s)
      PID:5104
    • C:\Windows\SysWOW64\schtasks.exe
      /C /Query /XML /TN "Event Viewer Snap-in Launcher (29762912)"
      2⤵
        PID:4748
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 364
        2⤵
        • Program crash
        PID:4268
    • C:\Users\Admin\AppData\Roaming\EventViewer\eventvwr.exe
      C:\Users\Admin\AppData\Roaming\EventViewer\eventvwr.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4872
      • C:\Windows\SysWOW64\schtasks.exe
        /C /create /F /sc minute /mo 5 /tn "Event Viewer Snap-in Launcher (29762912)" /tr "C:\Users\Admin\AppData\Roaming\EventViewer\eventvwr.exe"
        2⤵
        • Creates scheduled task(s)
        PID:4940

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Roaming\EventViewer\eventvwr.exe
            Filesize

            2.2MB

            MD5

            1b72c735aa2a283dea732c51b159ef0f

            SHA1

            6d6d4a832c4e1c3d058a23b98d88dc05592e5993

            SHA256

            4e7a39e2f461ea256e7361e9ac7377ea8f082754e7640698ccf349df5af98972

            SHA512

            acc6cc23825bef18626fb10afc4f268f99536276359a377a049cda730843a3b99573b81e3728e89ce4c4aadec3fadf925dd5cbe5b4ce1ef407c66ab71191a612

            Download Submit

          • C:\Users\Admin\AppData\Roaming\EventViewer\eventvwr.exe
            Filesize

            2.2MB

            MD5

            1b72c735aa2a283dea732c51b159ef0f

            SHA1

            6d6d4a832c4e1c3d058a23b98d88dc05592e5993

            SHA256

            4e7a39e2f461ea256e7361e9ac7377ea8f082754e7640698ccf349df5af98972

            SHA512

            acc6cc23825bef18626fb10afc4f268f99536276359a377a049cda730843a3b99573b81e3728e89ce4c4aadec3fadf925dd5cbe5b4ce1ef407c66ab71191a612

            Download Submit

          • C:\Users\Admin\AppData\Roaming\EventViewer\tfnme73946158264.tmp
            Filesize

            1KB

            MD5

            441abdb8977c0b44f6f89af539654d39

            SHA1

            3f2d1b05202d843b2046aadaf26d7eafff2e7dd8

            SHA256

            cbdb1c25793e03b613b027615c80b97e43594c14f132cbe58fe0eafbb9ba1e09

            SHA512

            2894920db9c4dd13780e806264180c33039ce7584e5df75da12cefa112aafa675bf113a7a6f541ab07c3056a05b1762b0a64be63838b2e5dcb19f00bc1c5212a

            Download Submit

          • memory/2668-150-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-154-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-117-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-120-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-116-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-121-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-122-0x00000000013D0000-0x0000000001D3B000-memory.dmp

            Filesize

            9.4MB

            Download

          • memory/2668-123-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-124-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-125-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-126-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-127-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-128-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-130-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-129-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-131-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-133-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-135-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-136-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-134-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-132-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-137-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-138-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-139-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-140-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-141-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-142-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-153-0x000000007EA90000-0x000000007EE61000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/2668-144-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-145-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-146-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-147-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-148-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-149-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-151-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-118-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-119-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-152-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-143-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2668-211-0x00000000013D0000-0x0000000001D3B000-memory.dmp

            Filesize

            9.4MB

            Download

          • memory/4412-166-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4412-161-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4412-164-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4412-167-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4412-169-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4412-170-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4412-171-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4412-168-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4412-157-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4412-165-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4412-163-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4412-162-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4412-172-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4412-160-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4412-173-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4412-159-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4412-158-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4412-156-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4748-176-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4748-177-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4748-179-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4748-182-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4748-183-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4748-181-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4748-180-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4748-178-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4748-175-0x00000000779A0000-0x0000000077B2E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4872-256-0x00000000001F0000-0x0000000000B5B000-memory.dmp

            Filesize

            9.4MB

            Download

          • memory/4872-260-0x000000007E8F0000-0x000000007ECC1000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/4872-271-0x00000000001F0000-0x0000000000B5B000-memory.dmp

            Filesize

            9.4MB

            Download

          • memory/4872-272-0x000000007E8F0000-0x000000007ECC1000-memory.dmp

            Filesize

            3.8MB

            Download