78b2481e55f236dfaa75b4adc19c59d94c1a17e8b487455ca030bdd1e1b165b5

Analysis

max time kernel
117s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2022, 22:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78b2481e55f236dfaa75b4adc19c59d94c1a17e8b487455ca030bdd1e1b165b5.exe
Size

66KB
MD5

906fe03bf25982a23482850d07bcad54
SHA1

9a1d9fc71c7cdb82754498648f00439feb744c44
SHA256

78b2481e55f236dfaa75b4adc19c59d94c1a17e8b487455ca030bdd1e1b165b5
SHA512

3ed68a861a161aa6bffdbd676c6c51a73c0ed347f14c14a6b75a66043e0f916de7d615b0abf6a88e7b1bb74cbc56c2c8aabccd296f25db4bdf3efde576f7cc94
SSDEEP

1536:EIntjtzy9rQtQ1Br+/mlhBtb1560FuovVN:5/y9ktQXiOhv180Ya7

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5032	sxe8246.tmp

Loads dropped DLL 2 IoCs

pid	Process
4872	78b2481e55f236dfaa75b4adc19c59d94c1a17e8b487455ca030bdd1e1b165b5.exe
4872	78b2481e55f236dfaa75b4adc19c59d94c1a17e8b487455ca030bdd1e1b165b5.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5032 set thread context of 2080	5032	sxe8246.tmp	86

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1476	2080	WerFault.exe	86
2628	2080	WerFault.exe	86

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 5032	4872	78b2481e55f236dfaa75b4adc19c59d94c1a17e8b487455ca030bdd1e1b165b5.exe	85
PID 4872 wrote to memory of 5032	4872	78b2481e55f236dfaa75b4adc19c59d94c1a17e8b487455ca030bdd1e1b165b5.exe	85
PID 4872 wrote to memory of 5032	4872	78b2481e55f236dfaa75b4adc19c59d94c1a17e8b487455ca030bdd1e1b165b5.exe	85
PID 5032 wrote to memory of 2080	5032	sxe8246.tmp	86
PID 5032 wrote to memory of 2080	5032	sxe8246.tmp	86
PID 5032 wrote to memory of 2080	5032	sxe8246.tmp	86
PID 5032 wrote to memory of 2080	5032	sxe8246.tmp	86

C:\Users\Admin\AppData\Local\Temp\78b2481e55f236dfaa75b4adc19c59d94c1a17e8b487455ca030bdd1e1b165b5.exe
"C:\Users\Admin\AppData\Local\Temp\78b2481e55f236dfaa75b4adc19c59d94c1a17e8b487455ca030bdd1e1b165b5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Users\Admin\AppData\Local\Temp\sxe8246.tmp
  "C:\Users\Admin\AppData\Local\Temp\sxe8246.tmp"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:5032
- - C:\Windows\SysWOW64\svchost.exe
    svchost.exe
    3⤵
    PID:2080
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 288
      4⤵
      Program crash
      PID:1476
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 296
      4⤵
      Program crash
      PID:2628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 2080 -ip 2080
1⤵
PID:2224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2080 -ip 2080
1⤵
PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\sxe8215.tmp

Filesize
15KB

MD5
bd815b61f9948f93aface4033fbb4423

SHA1
b5391484009b39053fc8b1bba63d444969bafcfa

SHA256
b018bf9e9f8b6d945e6a2a25984970634884afabc580af2b4e855730520d5d76

SHA512
a363abe97b5a44e5d36af859e8d484daffe1d8e321c87969a75d1bfaa4288a5e6be1922a02c6d72937c84e81a79a1c7f6c9f2a44a995cac3f993ed5608afcd71

Download Submit
C:\Users\Admin\AppData\Local\Temp\sxe8215.tmp

Filesize
15KB

MD5
bd815b61f9948f93aface4033fbb4423

SHA1
b5391484009b39053fc8b1bba63d444969bafcfa

SHA256
b018bf9e9f8b6d945e6a2a25984970634884afabc580af2b4e855730520d5d76

SHA512
a363abe97b5a44e5d36af859e8d484daffe1d8e321c87969a75d1bfaa4288a5e6be1922a02c6d72937c84e81a79a1c7f6c9f2a44a995cac3f993ed5608afcd71

Download Submit
C:\Users\Admin\AppData\Local\Temp\sxe8246.tmp

Filesize
112KB

MD5
19d753045ed11d7333d047408991bfaa

SHA1
798b40762ba6b754e761a220e9562cd0cf40b057

SHA256
077935e35fc381f74fcf9656474e050c04cebe64cef7bbbd6563e7e56e972cc8

SHA512
1a27c3c4b5fab0bc5fae8b68ec616d2dd87972e713c6e8e33dc9a64679f703d0e37dab24e5b063953d3c0f8bba910c4dd82ab5e7e49942ee79df9f425e2d11a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\sxe8246.tmp

Filesize
112KB

MD5
19d753045ed11d7333d047408991bfaa

SHA1
798b40762ba6b754e761a220e9562cd0cf40b057

SHA256
077935e35fc381f74fcf9656474e050c04cebe64cef7bbbd6563e7e56e972cc8

SHA512
1a27c3c4b5fab0bc5fae8b68ec616d2dd87972e713c6e8e33dc9a64679f703d0e37dab24e5b063953d3c0f8bba910c4dd82ab5e7e49942ee79df9f425e2d11a4

Download Submit
memory/2080-139-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4872-134-0x00000000005A1000-0x00000000005A3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads