Overview

overview

7

Static

static

4cf2a7bd6a...5b.exe

windows7-x64

7

4cf2a7bd6a...5b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-10-2022 09:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4cf2a7bd6a97fad0166c25aee570e244757c4bfba0039ae2d02e85e5269cdd5b.exe

  • Size

    230KB

  • MD5

    60179acd086bec35e71a8df669255853

  • SHA1

    62425d41e2f4573d08031e9cdc599f288a795cee

  • SHA256

    4cf2a7bd6a97fad0166c25aee570e244757c4bfba0039ae2d02e85e5269cdd5b

  • SHA512

    787b93345f9ce53692489f5cb1845a33dcc07a02a009a0807e721cfbd78e98e6f9e1763863d7968c416f05e0bc13468daa362a1eb36a75a76659a8e39e4c4560

  • SSDEEP

    6144:13bzWyYYjjZvxZCbM+ol3c1aoXQEJwggui3:BbayYYjjZpZyQ3toXX7gv

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4cf2a7bd6a97fad0166c25aee570e244757c4bfba0039ae2d02e85e5269cdd5b.exe
    "C:\Users\Admin\AppData\Local\Temp\4cf2a7bd6a97fad0166c25aee570e244757c4bfba0039ae2d02e85e5269cdd5b.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    PID:4816
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 724
      2⤵
      • Program crash
      PID:3844
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4816 -ip 4816
    1⤵
      PID:2316

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\sshnas21.dll
      Filesize

      483KB

      MD5

      d6de8418309906e2a41defffc57dbc35

      SHA1

      9643c4254fb513853219e1e2de02a055ac5e222e

      SHA256

      d31df70d9969f041388b671222d0a483b00c5429ee97386fb412ecb4d4cb28a3

      SHA512

      d825490e5b45d07959fc9a4dc1b378b79b55a1dfa8433628ae285e4cebc7371d94fc95187db2f363da2a32dada38cf7700bb1d2adcdc7078ccab5436c9dda453

      Download Submit

    • memory/4816-132-0x0000000002200000-0x0000000002229000-memory.dmp

      Filesize

      164KB

      Download

    • memory/4816-133-0x0000000000400000-0x000000000048C000-memory.dmp

      Filesize

      560KB

      Download

    • memory/4816-135-0x00000000027D0000-0x00000000027FA000-memory.dmp

      Filesize

      168KB

      Download

    • memory/4816-136-0x0000000000400000-0x000000000048C000-memory.dmp

      Filesize

      560KB

      Download