Overview

overview

8

Static

static

3abbf9cad9...ab.exe

windows7-x64

8

3abbf9cad9...ab.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    112s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-10-2022 23:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3abbf9cad996beb2a9e5598f2e2236769a604b5421b20d81111686a31bbb28ab.exe

  • Size

    483KB

  • MD5

    922a7d95b242108cef387cd79d4d3a30

  • SHA1

    4d1b63732bdb640d51949da03b0a9749cbf7f65d

  • SHA256

    3abbf9cad996beb2a9e5598f2e2236769a604b5421b20d81111686a31bbb28ab

  • SHA512

    2316cf1ab3b9d083e315760c99aae8e0cce6d40114b82a15de42af817bdb0007fd16148bb485456fe0437d2147498e2de2c484dadb87651f3c3ea78b10b80628

  • SSDEEP

    12288:Ftoj3rLo3ZAZDbfAmDHLwgV4EPl5TrmszIryaj:Ej7VDbfA4Lwgbjk5

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3abbf9cad996beb2a9e5598f2e2236769a604b5421b20d81111686a31bbb28ab.exe
    "C:\Users\Admin\AppData\Local\Temp\3abbf9cad996beb2a9e5598f2e2236769a604b5421b20d81111686a31bbb28ab.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:636
    • C:\Users\Admin\AppData\Local\Temp\3abbf9cad996beb2a9e5598f2e2236769a604b5421b20d81111686a31bbb28abmgr.exe
      C:\Users\Admin\AppData\Local\Temp\3abbf9cad996beb2a9e5598f2e2236769a604b5421b20d81111686a31bbb28abmgr.exe
      2⤵
      • Executes dropped EXE
      PID:4264
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 260
        3⤵
        • Program crash
        PID:220
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4264 -ip 4264
    1⤵
      PID:2184

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\3abbf9cad996beb2a9e5598f2e2236769a604b5421b20d81111686a31bbb28abmgr.exe
      Filesize

      105KB

      MD5

      93e4449dccbca737dc4f039ea053fa66

      SHA1

      8007d95f904b6872971ea5a9b9ad878281e50a88

      SHA256

      d548fefa0b087af4a447f0eebf8af488a8943d1c0fc25cb11cdd9a0d0344ca62

      SHA512

      e3360327b9c99415c7f49a1f3f118af89545f918e83c27145b389a22f99707dee7cc026b9177534caace586f5a8994cdb6ae87d87b0b0294e7bc9183413cc11d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\3abbf9cad996beb2a9e5598f2e2236769a604b5421b20d81111686a31bbb28abmgr.exe
      Filesize

      105KB

      MD5

      93e4449dccbca737dc4f039ea053fa66

      SHA1

      8007d95f904b6872971ea5a9b9ad878281e50a88

      SHA256

      d548fefa0b087af4a447f0eebf8af488a8943d1c0fc25cb11cdd9a0d0344ca62

      SHA512

      e3360327b9c99415c7f49a1f3f118af89545f918e83c27145b389a22f99707dee7cc026b9177534caace586f5a8994cdb6ae87d87b0b0294e7bc9183413cc11d

      Download Submit

    • memory/636-132-0x0000000000D20000-0x0000000000DA1000-memory.dmp

      Filesize

      516KB

      Download

    • memory/636-137-0x0000000000D20000-0x0000000000DA1000-memory.dmp

      Filesize

      516KB

      Download

    • memory/4264-133-0x0000000000000000-mapping.dmp

      Download

    • memory/4264-136-0x0000000000400000-0x000000000045A000-memory.dmp

      Filesize

      360KB

      Download