Overview

overview

7

Static

static

16a7320de7...e6.exe

windows7-x64

7

16a7320de7...e6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    169s
  • max time network
    188s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/10/2022, 07:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16a7320de7930d21f1443ecb3c9797e29530a29a9dcf810ae13d781ac13095e6.exe

  • Size

    207KB

  • MD5

    818b6ca7f19a09cedc7dbc19d7e007c0

  • SHA1

    7f156d38a0e190d8fb0642af04f076b894d3f79f

  • SHA256

    16a7320de7930d21f1443ecb3c9797e29530a29a9dcf810ae13d781ac13095e6

  • SHA512

    115b73235467603bbf831ca380b65dd13fe39e68aa4490702e0cbf724f0d41e660af026ee3e79733063b7e2c5a1dbb19d0c8f11d0c912fa03e093f3e359ba8ea

  • SSDEEP

    3072:uamgNBfISNsu4vjjjGqaZLVpELqof6xAKFwXFgFVPlSNarvwHLHM:vB1SJvjjjtaZLVpELDKFaoroHLH

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16a7320de7930d21f1443ecb3c9797e29530a29a9dcf810ae13d781ac13095e6.exe
    "C:\Users\Admin\AppData\Local\Temp\16a7320de7930d21f1443ecb3c9797e29530a29a9dcf810ae13d781ac13095e6.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    PID:4772
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 600
      2⤵
      • Program crash
      PID:5048
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4772 -ip 4772
    1⤵
      PID:4744

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\sshnas21.dll
      Filesize

      171KB

      MD5

      e31b761b3b0c7234c571fe059c889a42

      SHA1

      a829e3c32914ec7cc2ea09846af8bff9a6618635

      SHA256

      017cae2eca2fca5918104f0203c38daef1f3b59dc8351dc35629b8694ef46fd0

      SHA512

      555d38188148291edc263f1db46dca4271ce461684b0651546823e4457a7fc4d830d5aaa57241c39f66b01e0f0c1552fe1a7c6bcab9d0b7a6888988b94f6e365

      Download Submit

    • memory/4772-132-0x00000000020D0000-0x00000000020F3000-memory.dmp

      Filesize

      140KB

      Download

    • memory/4772-134-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4772-135-0x0000000002140000-0x0000000002151000-memory.dmp

      Filesize

      68KB

      Download

    • memory/4772-136-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download