Analysis

  • max time kernel
    181s
  • max time network
    191s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06-11-2022 06:47

General

  • Target

    fac8994f89143949eeeb7c79bf51e7453c30c7d24a98730532a12297a62ab6d5.exe

  • Size

    136KB

  • MD5

    3a4d343ddb3215b7b287b34626afc410

  • SHA1

    d5ed18eec288b5fe74e127be6b0528183a7fcaba

  • SHA256

    fac8994f89143949eeeb7c79bf51e7453c30c7d24a98730532a12297a62ab6d5

  • SHA512

    96b64744af02344b030251a69e9c38e2dd188a2daea1e35252ab233e7da990a5883d7d25e33f35d8e07a24f7a9bf3a40e83ee97aae3942f66b13877bbeeb83d2

  • SSDEEP

    3072:cSyuFQ1Xl8q6FcIxN/o/gAUCbFO+tHJexsvm6MMqjvl2abmWGtdK+NcHoZsA:cSyuFQjUcIbw5UCbFOjxruQvEemWGtZx

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Program crash 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fac8994f89143949eeeb7c79bf51e7453c30c7d24a98730532a12297a62ab6d5.exe
    "C:\Users\Admin\AppData\Local\Temp\fac8994f89143949eeeb7c79bf51e7453c30c7d24a98730532a12297a62ab6d5.exe"
    PID:4532
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 676
      PID:4244
      • Program crash
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 696
      PID:4804
      • Program crash
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 152
      PID:4008
      • Program crash
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4532 -ip 4532
    PID:4612
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4532 -ip 4532
    PID:4840
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4532 -ip 4532
    PID:4900

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4532-132-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize: 184KB

  • memory/4532-134-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize: 184KB

  • memory/4532-135-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize: 184KB