Overview

overview

8

Static

static

f6eb4f516a...bd.exe

windows7-x64

8

f6eb4f516a...bd.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    106s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/10/2022, 02:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe

  • Size

    232KB

  • MD5

    750cbeabaac3272c19b12dc8a99750c7

  • SHA1

    15d806790df8055dfc363e5dd70015db04ea9b45

  • SHA256

    f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd

  • SHA512

    4e4171705d2a9a35e8aa6afc185a97da21b3c671a86e854d1fddfcaa6230f9c3320472bc132d384ee09e9e98d7880284b15e36f562a3f659037c9a330697ef4e

  • SSDEEP

    6144:arPZaPoYNkGAYnm149RQC0W7cyqCxSngmV:KlYpAYm149RQo0npV

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 4 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe
    "C:\Users\Admin\AppData\Local\Temp\f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 384
      2⤵
      • Program crash
      PID:60
    • C:\Users\Admin\AppData\Local\Temp\f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe
      C:\Users\Admin\AppData\Local\Temp\f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2152
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 352
        3⤵
        • Program crash
        PID:4916
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 768
        3⤵
        • Program crash
        PID:3156
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 788
        3⤵
        • Program crash
        PID:756
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 3068 -ip 3068
    1⤵
      PID:3656
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 2152 -ip 2152
      1⤵
        PID:800
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 2152 -ip 2152
        1⤵
          PID:4312
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2152 -ip 2152
          1⤵
            PID:4784

          Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Temp\f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe
                  Filesize

                  232KB

                  MD5

                  5b5f8c49cdf5bd06b3c17db407e821a8

                  SHA1

                  c63a12d46cbd400af8d31909f64d32ec76d05039

                  SHA256

                  0370aba5ae02b030c0fe91259d601f0452a3bd005e62de9deb94695a6b6cb663

                  SHA512

                  06173adada6086193a44dcf7f87e4bfc0a50398118d5efdda0ef46d01470a1c4560554717a8e5b8b5932c77782a68515e4a1ab24495535aaf023de458696ebbc

                  Download Submit

                • memory/2152-136-0x0000000000400000-0x0000000000435000-memory.dmp

                  Filesize

                  212KB

                  Download

                • memory/2152-138-0x0000000000400000-0x0000000000415000-memory.dmp

                  Filesize

                  84KB

                  Download

                • memory/2152-141-0x00000000014C0000-0x00000000014F5000-memory.dmp

                  Filesize

                  212KB

                  Download

                • memory/2152-142-0x0000000000400000-0x0000000000435000-memory.dmp

                  Filesize

                  212KB

                  Download

                • memory/3068-132-0x0000000000400000-0x0000000000435000-memory.dmp

                  Filesize

                  212KB

                  Download

                • memory/3068-135-0x0000000000400000-0x0000000000435000-memory.dmp

                  Filesize

                  212KB

                  Download