8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7

Analysis

max time kernel
61s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2022 07:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe
Size

123KB
MD5

57c5d54f639a1ced3f7fcd3f491dd521
SHA1

834300a234db29ac8daef39a85e25823eb2a2032
SHA256

8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7
SHA512

5e9f399fcba2e00511828b74fc39d3ccf9a4fca9cf71dd87061d093625e2de5e742bf6cdfbc039650d592160a968b38a47eca3e149e95721b0afa203a2ff256c
SSDEEP

1536:sNUTgkYHzIdL6Kvom0jORkfZrzoVgja5EQ+1x51a+iZZB9t/hfKvO7vFR2n:siTnezQ+Kv7HR4zoWj0K8+iHLKvCvk

Score

3^/10

Malware Config

Signatures

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1884	4460	WerFault.exe	82
3484	4460	WerFault.exe	82

Modifies registry class 18 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SdiMul.Document\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8F21C6~1.EXE,0"	8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SdiMul.Document\shell	8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mul	8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mul\ShellNew	8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mul\ = "SdiMul.Document"	8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SdiMul.Document	8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SdiMul.Document\shell\open\command	8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SdiMul.Document\shell\open	8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SdiMul.Document\shell\print	8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SdiMul.Document\shell\print\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8F21C6~1.EXE /p \"%1\""	8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SdiMul.Document\shell\printto	8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SdiMul.Document\shell\printto\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8F21C6~1.EXE /pt \"%1\" \"%2\" \"%3\" \"%4\""	8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SdiMul.Document\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8F21C6~1.EXE \"%1\""	8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SdiMul.Document\shell\printto\command	8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SdiMul.Document\ = "SdiMul Document"	8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SdiMul.Document\DefaultIcon	8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SdiMul.Document\shell\print\command	8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mul\ShellNew\NullFile	8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4460	8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe
4460	8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe

C:\Users\Admin\AppData\Local\Temp\8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe
"C:\Users\Admin\AppData\Local\Temp\8f21c6f69a0808ce3292f58e0852c1c90000f705f09e007978f281281f3632e7.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4460
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 680
  2⤵
  - Program crash
  PID:1884
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 704
  2⤵
  - Program crash
  PID:3484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4460 -ip 4460
1⤵
PID:1240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4460 -ip 4460
1⤵
PID:3556

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads