Overview

overview

10

Static

static

file.exe

windows7-x64

5

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    38s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    03-11-2022 11:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    386KB

  • MD5

    2cacbcd2cc6cbaac2ab0270f5e341d50

  • SHA1

    da3aea62ddf57c895acf630b62e972ef70defb60

  • SHA256

    a3694a1695f21ff234a62d22c6d98dd4f5a7fd3e0edb25b0830d40612196e922

  • SHA512

    6eef2ee4b169b14dbe5ee794556e82382e305dae1890b7b8e0acaaf44e17446def261fee1f86deeabccc77fc58577c4ab08bdba567f6ca651ec2c6348b811489

  • SSDEEP

    12288:edXL4sFzfWs/Dtr6oYcxh2MdRog6EQpbief:E4IW0pr6cX2sojJief

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:544
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 332
      2⤵
      • Program crash
      PID:1516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/544-65-0x0000000000400000-0x0000000000445000-memory.dmp
    Filesize

    276KB

    Download
  • memory/544-56-0x0000000075A91000-0x0000000075A93000-memory.dmp
    Filesize

    8KB

    Download
  • memory/544-66-0x0000000000290000-0x00000000002D3000-memory.dmp
    Filesize

    268KB

    Download
  • memory/544-67-0x0000000076710000-0x0000000076757000-memory.dmp
    Filesize

    284KB

    Download
  • memory/544-59-0x0000000076760000-0x000000007680C000-memory.dmp
    Filesize

    688KB

    Download
  • memory/544-60-0x0000000074BD0000-0x0000000074C1F000-memory.dmp
    Filesize

    316KB

    Download
  • memory/544-61-0x0000000074C20000-0x0000000074C78000-memory.dmp
    Filesize

    352KB

    Download
  • memory/544-64-0x0000000075910000-0x0000000075967000-memory.dmp
    Filesize

    348KB

    Download
  • memory/544-75-0x0000000076710000-0x0000000076757000-memory.dmp
    Filesize

    284KB

    Download
  • memory/544-55-0x0000000000400000-0x0000000000445000-memory.dmp
    Filesize

    276KB

    Download
  • memory/544-58-0x0000000076710000-0x0000000076757000-memory.dmp
    Filesize

    284KB

    Download
  • memory/544-68-0x0000000075A50000-0x0000000075A85000-memory.dmp
    Filesize

    212KB

    Download
  • memory/544-69-0x0000000074E90000-0x0000000074E9C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/544-70-0x0000000077060000-0x0000000077079000-memory.dmp
    Filesize

    100KB

    Download
  • memory/544-54-0x0000000000400000-0x0000000000445000-memory.dmp
    Filesize

    276KB

    Download
  • memory/544-73-0x0000000000400000-0x0000000000445000-memory.dmp
    Filesize

    276KB

    Download
  • memory/544-74-0x0000000000290000-0x00000000002D3000-memory.dmp
    Filesize

    268KB

    Download
  • memory/1516-72-0x0000000000000000-mapping.dmp
    Download