79b794469c8fef2df79b2342d6cd41b5ac54d4d114190de0af3a81951ab73137

Analysis

max time kernel
91s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2022, 14:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79b794469c8fef2df79b2342d6cd41b5ac54d4d114190de0af3a81951ab73137.exe
Size

142KB
MD5

922af590d571e6b3237766b14769d260
SHA1

432ed21b5e35a270e2d102e3e2865bb11e734477
SHA256

79b794469c8fef2df79b2342d6cd41b5ac54d4d114190de0af3a81951ab73137
SHA512

81b37c450f79bca0220cc8aae61c0ed7c0c16400f3586f354c05741af620dc07aeef97ef2b824293d185e83faaca262d83ddfc08a6f1f5c8824c117d63633e10
SSDEEP

3072:lV2BZVPlFlnxClFvLLcs+sPDzGvxyjquGm3zWQBt39ecIDIA/kHL6cQ:bQrNFxwj9+UGvxuQmDWQjF0IWIL63

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 14 IoCs

description	ioc	Process
File created	C:\Windows\win32dc\Half-Life 2 + patch.exe	79b794469c8fef2df79b2342d6cd41b5ac54d4d114190de0af3a81951ab73137.exe
File created	C:\Windows\win32dc\Silent Hill 4 codes.exe	79b794469c8fef2df79b2342d6cd41b5ac54d4d114190de0af3a81951ab73137.exe
File opened for modification	C:\Windows\win32dc\Silent Hill 4 codes.exe	79b794469c8fef2df79b2342d6cd41b5ac54d4d114190de0af3a81951ab73137.exe
File created	C:\Windows\win32dc\BattleField 1942 + cheat.exe	79b794469c8fef2df79b2342d6cd41b5ac54d4d114190de0af3a81951ab73137.exe
File opened for modification	C:\Windows\win32dc\Doom 3 + trainer.exe	79b794469c8fef2df79b2342d6cd41b5ac54d4d114190de0af3a81951ab73137.exe
File created	C:\Windows\win32dc\DAoC_cheat.exe	79b794469c8fef2df79b2342d6cd41b5ac54d4d114190de0af3a81951ab73137.exe
File created	C:\Windows\win32dc\UT2004(cheat).exe	79b794469c8fef2df79b2342d6cd41b5ac54d4d114190de0af3a81951ab73137.exe
File created	C:\Windows\win32dc\UT2004 + fix.exe	79b794469c8fef2df79b2342d6cd41b5ac54d4d114190de0af3a81951ab73137.exe
File created	C:\Windows\win32dc\Counter-Strike(codes).exe	79b794469c8fef2df79b2342d6cd41b5ac54d4d114190de0af3a81951ab73137.exe
File opened for modification	C:\Windows\win32dc\Counter-Strike(codes).exe	79b794469c8fef2df79b2342d6cd41b5ac54d4d114190de0af3a81951ab73137.exe
File opened for modification	C:\Windows\win32dc\Half-Life 2(nocd).exe	79b794469c8fef2df79b2342d6cd41b5ac54d4d114190de0af3a81951ab73137.exe
File created	C:\Windows\win32dc\Doom 3 + trainer.exe	79b794469c8fef2df79b2342d6cd41b5ac54d4d114190de0af3a81951ab73137.exe
File opened for modification	C:\Windows\win32dc\UT2004(cheat).exe	79b794469c8fef2df79b2342d6cd41b5ac54d4d114190de0af3a81951ab73137.exe
File created	C:\Windows\win32dc\Half-Life 2(nocd).exe	79b794469c8fef2df79b2342d6cd41b5ac54d4d114190de0af3a81951ab73137.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2496	4788	WerFault.exe	80

C:\Users\Admin\AppData\Local\Temp\79b794469c8fef2df79b2342d6cd41b5ac54d4d114190de0af3a81951ab73137.exe
"C:\Users\Admin\AppData\Local\Temp\79b794469c8fef2df79b2342d6cd41b5ac54d4d114190de0af3a81951ab73137.exe"
1⤵
- Drops file in Windows directory
PID:4788
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 556
  2⤵
  - Program crash
  PID:2496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4788 -ip 4788
1⤵
PID:840

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads