4cd030f373467964bfebd63da225143892b480107c7101d2dfbced6162d625d5

Analysis

max time kernel
118s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28-10-2022 20:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4cd030f373467964bfebd63da225143892b480107c7101d2dfbced6162d625d5.exe
Size

248KB
MD5

0d9b7b534465f9799d9de912c05769af
SHA1

185b6d2704ca1d2f8276724a16f68a388fd9351b
SHA256

4cd030f373467964bfebd63da225143892b480107c7101d2dfbced6162d625d5
SHA512

7bfe98df6814ef7bc7c198d10db10fa2f185490ce12eccb366722d15ad901914452a21593f3254261fc78ecf061ffba35a8e935dc9033e7ee1b2c6c559d0efe1
SSDEEP

3072:LqPL1/7w6ZAs+VBKQJYa4l6ukQgxWUoCFEVjQDWJw0XGpHn/oYfgUP0A/MDImq7P:0QVnYvoWmOj8Wim8Hmo0A/UMP

Score

8^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3424	4cd030f373467964bfebd63da225143892b480107c7101d2dfbced6162d625d5mgr.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3424-138-0x0000000000400000-0x000000000046B000-memory.dmp	upx

Loads dropped DLL 1 IoCs

pid	Process
3424	4cd030f373467964bfebd63da225143892b480107c7101d2dfbced6162d625d5mgr.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4796	3424	WerFault.exe	24

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4160 wrote to memory of 3424	4160	4cd030f373467964bfebd63da225143892b480107c7101d2dfbced6162d625d5.exe	24
PID 4160 wrote to memory of 3424	4160	4cd030f373467964bfebd63da225143892b480107c7101d2dfbced6162d625d5.exe	24
PID 4160 wrote to memory of 3424	4160	4cd030f373467964bfebd63da225143892b480107c7101d2dfbced6162d625d5.exe	24

C:\Users\Admin\AppData\Local\Temp\4cd030f373467964bfebd63da225143892b480107c7101d2dfbced6162d625d5.exe
"C:\Users\Admin\AppData\Local\Temp\4cd030f373467964bfebd63da225143892b480107c7101d2dfbced6162d625d5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4160
- C:\Users\Admin\AppData\Local\Temp\4cd030f373467964bfebd63da225143892b480107c7101d2dfbced6162d625d5mgr.exe
  C:\Users\Admin\AppData\Local\Temp\4cd030f373467964bfebd63da225143892b480107c7101d2dfbced6162d625d5mgr.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3424
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 10184
    3⤵
    - Program crash
    PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 3424 -ip 3424
1⤵
PID:4884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4cd030f373467964bfebd63da225143892b480107c7101d2dfbced6162d625d5mgr.exe

Filesize
68KB

MD5
29d144844588a68b39a16de459e89bac

SHA1
68298bbbe4d9496af1a3b95f43ac15d06fce4375

SHA256
b42f0131680f8789abd425a30da4ae2256be5c3f858c485a51481141934ec7bf

SHA512
745ec326d7029ca57a507ebe14dacf7e349596108e02c6e444a0e4262c2680f72bf36e048e64dbc6427ba0407cc838ad2a105eb99ca31077f3df77fcd6d16551

Download Submit
C:\Users\Admin\AppData\Local\Temp\4cd030f373467964bfebd63da225143892b480107c7101d2dfbced6162d625d5mgr.exe

Filesize
87KB

MD5
812a07f243fc58fa98400f435a672d70

SHA1
df9e77e2e1697986be5b15b6a73ce8bb44109537

SHA256
5a2d95358888d26f7402c0f4b423d62f60d88931b5c74139e654601fbd6209f9

SHA512
525825993819ca26d58f83368b291ab033bb28c8b327248d2bf9a8b1c45e27654954041756fc734b7e4d2289f302f67267b9dec1ace46a8e5cf7e4a417043128

Download Submit
C:\Users\Admin\AppData\Local\Temp\~TMC3C2.tmp

Filesize
47KB

MD5
a2484ef0164a32c27157e893d21ed553

SHA1
c79c57f151f1445a0f133b82897211c764e68f42

SHA256
a17cde76cce13c125ffca78b37b4900808a1b26a27d24f1282769d775841e8d9

SHA512
d6617c3039f9b0b0da1573daf3709eda3030c90833b96e255afe2ed01a8e9de6c0a2bffcd5432058dc5ca504f82ff1b67f62d436e742115ddabf1a7280d8cd8f

Download Submit
memory/3424-132-0x0000000000000000-mapping.dmp

Download
memory/3424-138-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download
memory/3424-137-0x00000000020C0000-0x000000000212B000-memory.dmp

Filesize
428KB

Download
memory/3424-140-0x0000000077A20000-0x0000000077BC3000-memory.dmp

Filesize
1.6MB

Download
memory/4160-135-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4160-136-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download