Overview

overview

8

Static

static

ff44dc0130...50.exe

windows7-x64

8

ff44dc0130...50.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 12:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250.exe

  • Size

    2.4MB

  • MD5

    fc95803da7089276c8ab97c22072788b

  • SHA1

    ebcee918e28101e78cacf948e748abf4baf11776

  • SHA256

    ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250

  • SHA512

    5a3d25cf2428844a33fff0f45711e9e913a6c3b4190f4f81a2c91567adeeccabac56161d34c87c0de6c2bf20cf4505a6f87168c3f9161816fa17df4ae105fd2b

  • SSDEEP

    49152:DUpkeyCxla9iSYn54fD9Wp3nZMEWifBA2A+Yw25+56YesR1lLaRWjzrvE9VDU9Eq:PyZMkA2A+Xk+535JHYmYI

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 26 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250.exe
    "C:\Users\Admin\AppData\Local\Temp\ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:4528
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 1244
      2⤵
      • Program crash
      PID:968
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 1260
      2⤵
      • Program crash
      PID:1312
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4528 -ip 4528
    1⤵
      PID:4332
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4528 -ip 4528
      1⤵
        PID:1444

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4528-132-0x0000000000400000-0x00000000006C1000-memory.dmp
        Filesize

        2.8MB

        Download
      • memory/4528-133-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-136-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-135-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-137-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-138-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-140-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-142-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-144-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-146-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-148-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-150-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-152-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-154-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-156-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-158-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-160-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-162-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-164-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-166-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-168-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-170-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-172-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-174-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-176-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-178-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-179-0x0000000010000000-0x000000001003D000-memory.dmp
        Filesize

        244KB

        Download
      • memory/4528-180-0x0000000000400000-0x00000000006C1000-memory.dmp
        Filesize

        2.8MB

        Download