83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82

Analysis

max time kernel
143s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30-10-2022 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
Size

2.4MB
MD5

5ec6867be5cd8802c164896092c620fb
SHA1

7a4f3e6f7d879ba554e040e918b671b396f3a4aa
SHA256

83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82
SHA512

2d4bf1d0d90ca656cdc889fa3583a46f1d6e087be2f856afab30c85203d19697474e775a180302631cbbb977d6bfac01f75aec38333b906954dd5a798edd9c82
SSDEEP

49152:Np3bTeMAwLBoKpHMBDttYMb21EsSFoG7Np7XG:H3neJwLBLiZtsE7NVXG

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 19 IoCs

pid	Process
1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
556	1724	WerFault.exe	26

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Wow6432Node\Interface\{5D7791BB-5A61-57FB-50AF-5DB906F31BE4}	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Wow6432Node	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Wow6432Node\Interface	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Wow6432Node\Interface\{5D7791BB-5A61-57FB-50AF-5DB906F31BE4}\ = "4XjrgHOlGXLzh6adG3c7hFeY8Wj+mYaKHoVJfKtmDzikwz7dtyu73vtx4YBzpfty4Idynf9354Jxkedo/ploiguFFXyPZrs2pMM+3bcru97hZxZbFNP2ktZty3tphsT7"	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 556	1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe	27
PID 1724 wrote to memory of 556	1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe	27
PID 1724 wrote to memory of 556	1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe	27
PID 1724 wrote to memory of 556	1724	83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe	27

C:\Users\Admin\AppData\Local\Temp\83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe
"C:\Users\Admin\AppData\Local\Temp\83a4efc429319ca56cffc8966d7bf70c7f1fc5c544c8d7ed8348fc82098c4b82.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 372
  2⤵
  - Program crash
  PID:556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/556-4614-0x0000000000000000-mapping.dmp

Download
memory/1724-54-0x0000000074B51000-0x0000000074B53000-memory.dmp

Filesize
8KB

Download
memory/1724-56-0x0000000075BE0000-0x0000000075C27000-memory.dmp

Filesize
284KB

Download
memory/1724-463-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-462-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-464-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-465-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-466-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-467-0x0000000000400000-0x000000000065C000-memory.dmp

Filesize
2.4MB

Download
memory/1724-468-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-469-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-470-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-471-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-473-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-472-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-474-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-475-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-476-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-478-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-477-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-479-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-481-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-480-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-482-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-483-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-484-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-485-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-486-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-487-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-489-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-488-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-490-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-491-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-492-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-493-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-495-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-494-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-496-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-497-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-499-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-498-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-501-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-500-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-502-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-503-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-505-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-504-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-506-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-507-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-508-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-509-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-510-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-511-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-512-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-513-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-515-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-514-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-516-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-517-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-518-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-519-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-521-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-520-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-522-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-523-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-524-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-1383-0x0000000002000000-0x0000000002100000-memory.dmp

Filesize
1024KB

Download
memory/1724-1384-0x0000000002220000-0x00000000023A1000-memory.dmp

Filesize
1.5MB

Download
memory/1724-4610-0x0000000002000000-0x0000000002100000-memory.dmp

Filesize
1024KB

Download
memory/1724-4611-0x00000000024D0000-0x00000000025E1000-memory.dmp

Filesize
1.1MB

Download
memory/1724-4612-0x00000000023B0000-0x00000000024B1000-memory.dmp

Filesize
1.0MB

Download
memory/1724-4613-0x00000000025F0000-0x0000000002691000-memory.dmp

Filesize
644KB

Download
memory/1724-4615-0x0000000000400000-0x000000000065C000-memory.dmp

Filesize
2.4MB

Download