a378cf78af89de66922cc325ad640b7723855b551e5abb8977203725a7dfb54d

Analysis

max time kernel
49s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
21-10-2022 00:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a378cf78af89de66922cc325ad640b7723855b551e5abb8977203725a7dfb54d.exe
Size

216KB
MD5

4e5e6f9ad5b049c88cb7168434f91130
SHA1

0075d519539f0dd124b6ab52f919921b2331b177
SHA256

a378cf78af89de66922cc325ad640b7723855b551e5abb8977203725a7dfb54d
SHA512

7d0f0848ead7c0eb60efc5b3c71a1b7b638c25a52b77f3bcfe15220636ffcc61e2acb1cb79fedf364819b9030b3df27415fb5ee075a29ee2e7a72df26e231437
SSDEEP

3072:YfXOdo+GQu7grDTgG0Z5ICcF7utab9YzfPQywd9daKjG7btekh+Zv2+xeyK9:MOsd0rDTT0ZmLduPrYh9ab/+J7K9

Score

8^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4912	a378cf78af89de66922cc325ad640b7723855b551e5abb8977203725a7dfb54dmgr.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4912-138-0x0000000000400000-0x0000000000468000-memory.dmp	upx

Loads dropped DLL 1 IoCs

pid	Process
4912	a378cf78af89de66922cc325ad640b7723855b551e5abb8977203725a7dfb54dmgr.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1540	4912	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3268 wrote to memory of 4912	3268	a378cf78af89de66922cc325ad640b7723855b551e5abb8977203725a7dfb54d.exe	83
PID 3268 wrote to memory of 4912	3268	a378cf78af89de66922cc325ad640b7723855b551e5abb8977203725a7dfb54d.exe	83
PID 3268 wrote to memory of 4912	3268	a378cf78af89de66922cc325ad640b7723855b551e5abb8977203725a7dfb54d.exe	83

C:\Users\Admin\AppData\Local\Temp\a378cf78af89de66922cc325ad640b7723855b551e5abb8977203725a7dfb54d.exe
"C:\Users\Admin\AppData\Local\Temp\a378cf78af89de66922cc325ad640b7723855b551e5abb8977203725a7dfb54d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3268
- C:\Users\Admin\AppData\Local\Temp\a378cf78af89de66922cc325ad640b7723855b551e5abb8977203725a7dfb54dmgr.exe
  C:\Users\Admin\AppData\Local\Temp\a378cf78af89de66922cc325ad640b7723855b551e5abb8977203725a7dfb54dmgr.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4912
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 10184
    3⤵
    - Program crash
    PID:1540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4912 -ip 4912
1⤵
PID:1780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a378cf78af89de66922cc325ad640b7723855b551e5abb8977203725a7dfb54dmgr.exe

Filesize
163KB

MD5
1daf18bc5f50f0ccac0dd7dab27b00ab

SHA1
4e661f68956d5f83261237e7f56c34a7318b2b94

SHA256
6d0673bd9cec2a33583f01ed7bfd63bb56473ca47cfbf799ef20c06d95a75ec2

SHA512
fac0e3eb2281195b09989c707835b82a61362fd0a7dba42506ebdebbc151f4c9e6a74e7db5cd4301e05abe9b311f0005e79b862187b8964a08fa6d8e0bd7dd34

Download Submit
C:\Users\Admin\AppData\Local\Temp\a378cf78af89de66922cc325ad640b7723855b551e5abb8977203725a7dfb54dmgr.exe

Filesize
163KB

MD5
1daf18bc5f50f0ccac0dd7dab27b00ab

SHA1
4e661f68956d5f83261237e7f56c34a7318b2b94

SHA256
6d0673bd9cec2a33583f01ed7bfd63bb56473ca47cfbf799ef20c06d95a75ec2

SHA512
fac0e3eb2281195b09989c707835b82a61362fd0a7dba42506ebdebbc151f4c9e6a74e7db5cd4301e05abe9b311f0005e79b862187b8964a08fa6d8e0bd7dd34

Download Submit
C:\Users\Admin\AppData\Local\Temp\~TMD15E.tmp

Filesize
1.6MB

MD5
4f3387277ccbd6d1f21ac5c07fe4ca68

SHA1
e16506f662dc92023bf82def1d621497c8ab5890

SHA256
767a3fc4a7a6818cdc3f0b99aaa95db694f6bcde719d2057a88b3d4df3d74fac

SHA512
9da199ac69e3c0d4e0c6307e0ab8178f12cc25cb2f14c3511f6b64e6e60a925c860f3263cb38353a97b55a71ef4d27f8cb7fa3cfc08e7c1a349fd8d209dfa219

Download Submit
memory/3268-136-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4912-132-0x0000000000000000-mapping.dmp

Download
memory/4912-137-0x00000000005C0000-0x0000000000628000-memory.dmp

Filesize
416KB

Download
memory/4912-138-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/4912-139-0x0000000077D50000-0x0000000077EF3000-memory.dmp

Filesize
1.6MB

Download