5f38c3a98b2179620b3c85f08789f4a2d6246e1470c3414b4982bdc09590370d

Analysis

max time kernel
87s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 19:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5f38c3a98b2179620b3c85f08789f4a2d6246e1470c3414b4982bdc09590370d.exe
Size

154KB
MD5

683fe435f9410ad6ba540f977bc1c780
SHA1

0a1f5f55f652a733a85f075a8c1562cf8c15239f
SHA256

5f38c3a98b2179620b3c85f08789f4a2d6246e1470c3414b4982bdc09590370d
SHA512

74f8a1004e77193eec82984970e707b728a2cd79410866a4e47b778735f5b5c3c290cbc54284d6ddf1c73fd39c4296196ded7490a5d7e3458d58739588b5fd24
SSDEEP

3072:h8UIz/i+bvmFTGCOyhM+RDbALYLyhntIbKH765D58G8Lj8LEi:h3Mi+SIyq+FyPIX5f6jEEi

Score

8^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4268	5f38c3a98b2179620b3c85f08789f4a2d6246e1470c3414b4982bdc09590370dmgr.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4268-137-0x0000000000400000-0x000000000042A000-memory.dmp	upx

Loads dropped DLL 1 IoCs

pid	Process
4268	5f38c3a98b2179620b3c85f08789f4a2d6246e1470c3414b4982bdc09590370dmgr.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3644	4268	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 4268	1476	5f38c3a98b2179620b3c85f08789f4a2d6246e1470c3414b4982bdc09590370d.exe	85
PID 1476 wrote to memory of 4268	1476	5f38c3a98b2179620b3c85f08789f4a2d6246e1470c3414b4982bdc09590370d.exe	85
PID 1476 wrote to memory of 4268	1476	5f38c3a98b2179620b3c85f08789f4a2d6246e1470c3414b4982bdc09590370d.exe	85

C:\Users\Admin\AppData\Local\Temp\5f38c3a98b2179620b3c85f08789f4a2d6246e1470c3414b4982bdc09590370d.exe
"C:\Users\Admin\AppData\Local\Temp\5f38c3a98b2179620b3c85f08789f4a2d6246e1470c3414b4982bdc09590370d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Users\Admin\AppData\Local\Temp\5f38c3a98b2179620b3c85f08789f4a2d6246e1470c3414b4982bdc09590370dmgr.exe
  C:\Users\Admin\AppData\Local\Temp\5f38c3a98b2179620b3c85f08789f4a2d6246e1470c3414b4982bdc09590370dmgr.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4268
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 516
    3⤵
    - Program crash
    PID:3644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4268 -ip 4268
1⤵
PID:308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5f38c3a98b2179620b3c85f08789f4a2d6246e1470c3414b4982bdc09590370dmgr.exe

Filesize
106KB

MD5
7657fcb7d772448a6d8504e4b20168b8

SHA1
84c7201f7e59cb416280fd69a2e7f2e349ec8242

SHA256
54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc4cb9601c9ce3ec9a71

SHA512
786addd2a793bd4123625b22dc717d193246442ac97f1c3f4a763ec794b48e68051cd41097c0e9f7367e6914534f36eafccb109ab03dc793d68bf1522e7884e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f38c3a98b2179620b3c85f08789f4a2d6246e1470c3414b4982bdc09590370dmgr.exe

Filesize
106KB

MD5
7657fcb7d772448a6d8504e4b20168b8

SHA1
84c7201f7e59cb416280fd69a2e7f2e349ec8242

SHA256
54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc4cb9601c9ce3ec9a71

SHA512
786addd2a793bd4123625b22dc717d193246442ac97f1c3f4a763ec794b48e68051cd41097c0e9f7367e6914534f36eafccb109ab03dc793d68bf1522e7884e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\~TM3F7.tmp

Filesize
1.6MB

MD5
4f3387277ccbd6d1f21ac5c07fe4ca68

SHA1
e16506f662dc92023bf82def1d621497c8ab5890

SHA256
767a3fc4a7a6818cdc3f0b99aaa95db694f6bcde719d2057a88b3d4df3d74fac

SHA512
9da199ac69e3c0d4e0c6307e0ab8178f12cc25cb2f14c3511f6b64e6e60a925c860f3263cb38353a97b55a71ef4d27f8cb7fa3cfc08e7c1a349fd8d209dfa219

Download Submit
memory/1476-135-0x00000000007D0000-0x00000000007FC000-memory.dmp

Filesize
176KB

Download
memory/4268-137-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4268-138-0x00000000006C0000-0x00000000006EA000-memory.dmp

Filesize
168KB

Download
memory/4268-139-0x0000000077C70000-0x0000000077E13000-memory.dmp

Filesize
1.6MB

Download