b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1

General

Target

b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe
Size

984KB
MD5

f25a8e3f5265a57269590b84a506b672
SHA1

8413ee5a55d52fd306320f5f1429a55a39bd7a47
SHA256

b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1
SHA512

89e1348e9f62bfa5f3af06b659396cd687511259a7b425720f31de50f0a90e9b9f546a80f56d018ffab8d8379bece5a5a04872f5793f3cbcf849d209959f2095
SSDEEP

24576:WiZ4NMlr/acS4uAvgMLAtsXBP70m+V751ac0u+1K6yusNHAAlAPnKV17UipvMySP:9MMlry34usg6AtsRz0r1X0TKHRlAP2dr

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

Sdmr.exeSdmr.exedmr.exe

pid process

1700 Sdmr.exe
3812 Sdmr.exe
3140 dmr.exe

pid	process
1700	Sdmr.exe
3812	Sdmr.exe
3140	dmr.exe

Drops file in Windows directory 2 IoCs

Processes:

b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe

description	ioc	process
File created	C:\Windows\Sdmr.exe	b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe
File created	C:\Windows\dmr.exe	b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1004 3140 WerFault.exe dmr.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Sdmr.exe

pid process

3812 Sdmr.exe
3812 Sdmr.exe

pid	pid_target	process	target process
1004	3140	WerFault.exe	dmr.exe

pid	process
3812	Sdmr.exe
3812	Sdmr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe

pid	process
4920	b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe
4920	b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exeSdmr.exe

description	pid	process	target process
PID 4920 wrote to memory of 1700	4920	b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe	Sdmr.exe
PID 4920 wrote to memory of 1700	4920	b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe	Sdmr.exe
PID 4920 wrote to memory of 1700	4920	b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe	Sdmr.exe
PID 3812 wrote to memory of 3140	3812	Sdmr.exe	dmr.exe
PID 3812 wrote to memory of 3140	3812	Sdmr.exe	dmr.exe
PID 3812 wrote to memory of 3140	3812	Sdmr.exe	dmr.exe

C:\Users\Admin\AppData\Local\Temp\b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe
"C:\Users\Admin\AppData\Local\Temp\b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4920

C:\Windows\Sdmr.exe
C:\Windows\Sdmr setup
2⤵
- Executes dropped EXE
PID:1700

C:\Windows\Sdmr.exe
C:\Windows\Sdmr.exe
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3812

C:\Windows\dmr.exe
C:\Windows\dmr.exe
2⤵
- Executes dropped EXE
PID:3140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 568
3⤵
- Program crash
PID:1004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3140 -ip 3140
1⤵
PID:4152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Sdmr.exe

Filesize
174KB

MD5
2bc9ace5bddaa9f70ed0e8fb22489732

SHA1
a5de5307a484f0d4deae2c49ac007ce5c49a5fc4

SHA256
6a98757092493227b0ba5250b51c33e7cd075e745eaf9dba8e42f67ca484af04

SHA512
3005bff9a0c5f6a871e7a4824a98f9f534bbf19a4c30e719a55640cd7e96141babd0b85c7b3bfa6e3e4afdfa7bb98354dcdc158a6d95f1e4c3b518e356ec7a0a

Download Submit
C:\Windows\Sdmr.exe

Filesize
174KB

MD5
2bc9ace5bddaa9f70ed0e8fb22489732

SHA1
a5de5307a484f0d4deae2c49ac007ce5c49a5fc4

SHA256
6a98757092493227b0ba5250b51c33e7cd075e745eaf9dba8e42f67ca484af04

SHA512
3005bff9a0c5f6a871e7a4824a98f9f534bbf19a4c30e719a55640cd7e96141babd0b85c7b3bfa6e3e4afdfa7bb98354dcdc158a6d95f1e4c3b518e356ec7a0a

Download Submit
C:\Windows\Sdmr.exe

Filesize
174KB

MD5
2bc9ace5bddaa9f70ed0e8fb22489732

SHA1
a5de5307a484f0d4deae2c49ac007ce5c49a5fc4

SHA256
6a98757092493227b0ba5250b51c33e7cd075e745eaf9dba8e42f67ca484af04

SHA512
3005bff9a0c5f6a871e7a4824a98f9f534bbf19a4c30e719a55640cd7e96141babd0b85c7b3bfa6e3e4afdfa7bb98354dcdc158a6d95f1e4c3b518e356ec7a0a

Download Submit
C:\Windows\dmr.exe

Filesize
615KB

MD5
740684adb016a0a91bcff5b85025eacd

SHA1
8af85714dab623dee63b08a68b04ff444a0ad7e4

SHA256
24f690fe8107966b32c2b2b7c9f8b3e778976524c9baf9e25a0cb539a17a1bae

SHA512
dabf86d53b7906fed43cd3f0f16f2878fe97e44b7b40feb86571adef712d532de6c356f492d734c2f0aa2381935f531c833cd6148c5a384676b11b66ce8b352e

Download Submit
C:\Windows\dmr.exe

Filesize
615KB

MD5
740684adb016a0a91bcff5b85025eacd

SHA1
8af85714dab623dee63b08a68b04ff444a0ad7e4

SHA256
24f690fe8107966b32c2b2b7c9f8b3e778976524c9baf9e25a0cb539a17a1bae

SHA512
dabf86d53b7906fed43cd3f0f16f2878fe97e44b7b40feb86571adef712d532de6c356f492d734c2f0aa2381935f531c833cd6148c5a384676b11b66ce8b352e

Download Submit
memory/1700-138-0x0000000000400000-0x000000000049B402-memory.dmp

Filesize
621KB

Download
memory/1700-146-0x00000000022E0000-0x0000000002356000-memory.dmp

Filesize
472KB

Download
memory/1700-139-0x0000000000400000-0x000000000049B402-memory.dmp

Filesize
621KB

Download
memory/1700-140-0x0000000000400000-0x000000000049B402-memory.dmp

Filesize
621KB

Download
memory/1700-141-0x0000000000400000-0x000000000049B402-memory.dmp

Filesize
621KB

Download
memory/1700-135-0x0000000000400000-0x000000000049B402-memory.dmp

Filesize
621KB

Download
memory/1700-132-0x0000000000000000-mapping.dmp

Download
memory/1700-150-0x0000000000400000-0x000000000049B402-memory.dmp

Filesize
621KB

Download
memory/3140-151-0x0000000000000000-mapping.dmp

Download
memory/3140-154-0x0000000000600000-0x000000000069C000-memory.dmp

Filesize
624KB

Download
memory/3140-156-0x0000000000600000-0x000000000069C000-memory.dmp

Filesize
624KB

Download
memory/3140-157-0x0000000000960000-0x0000000000B5C000-memory.dmp

Filesize
2.0MB

Download
memory/3812-147-0x0000000000400000-0x000000000049B402-memory.dmp

Filesize
621KB

Download
memory/3812-148-0x0000000000FA0000-0x0000000001016000-memory.dmp

Filesize
472KB

Download
memory/3812-149-0x0000000000400000-0x000000000049B402-memory.dmp

Filesize
621KB

Download
memory/3812-145-0x0000000000400000-0x000000000049B402-memory.dmp

Filesize
621KB

Download
memory/3812-144-0x0000000000400000-0x000000000049B402-memory.dmp

Filesize
621KB

Download
memory/3812-155-0x0000000000400000-0x000000000049B402-memory.dmp

Filesize
621KB

Download
memory/4920-136-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/4920-134-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads