Overview

overview

10

Static

static

3f812a9213...8c.exe

windows7-x64

10

3f812a9213...8c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    166s
  • max time network
    188s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 18:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3f812a92136133336a7d89465aad4ae416ab47d109187f660835aa5cf5b1f08c.exe

  • Size

    228KB

  • MD5

    1734f460205f993c3f8382a50b4a9f77

  • SHA1

    ed9e50fa76be0bbdf6c2c458af2b7714a36c30f2

  • SHA256

    3f812a92136133336a7d89465aad4ae416ab47d109187f660835aa5cf5b1f08c

  • SHA512

    90f517431205084ee38589673ca5b68b17a830e969d1b4701aee6f8c7416c7974a6623306228ad834713eb1c6515a34dbf941fb6cff562ecf03718e07c900a9f

  • SSDEEP

    3072:9Btrqne+0JcPF1cK1nu5cdUfv+BCpS7syO1JkBCSWm9zJZaJJWlRgA1:9Btrqne+VPF1nCS7syoEzJwJQRgA1

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f812a92136133336a7d89465aad4ae416ab47d109187f660835aa5cf5b1f08c.exe
    "C:\Users\Admin\AppData\Local\Temp\3f812a92136133336a7d89465aad4ae416ab47d109187f660835aa5cf5b1f08c.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of WriteProcessMemory
    PID:4512
    • C:\Users\Admin\AppData\Local\Temp\3f812a92136133336a7d89465aad4ae416ab47d109187f660835aa5cf5b1f08cmgr.exe
      C:\Users\Admin\AppData\Local\Temp\3f812a92136133336a7d89465aad4ae416ab47d109187f660835aa5cf5b1f08cmgr.exe
      2⤵
      • Executes dropped EXE
      PID:4784
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 484
        3⤵
        • Program crash
        PID:4748
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 4784 -ip 4784
    1⤵
      PID:4708

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\3f812a92136133336a7d89465aad4ae416ab47d109187f660835aa5cf5b1f08cmgr.exe
      Filesize

      110KB

      MD5

      f71fbb1f80eb18d999ebf7523c245afd

      SHA1

      b498b16f05362c69a4de7a9820a6ead7c4af3735

      SHA256

      fdc2a8b0fd518ad4573b2b51b189ee22d7bcf903458ee7468f9fece27bce0e7f

      SHA512

      f0e8c10d8784d12b26c2c470a927b35d4f69d7a5662d31b0cc83519da1544a2cae19522ea9534d9437fdc2e1219eac79586ff4858bd223ea908784b12f28c48b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\3f812a92136133336a7d89465aad4ae416ab47d109187f660835aa5cf5b1f08cmgr.exe
      Filesize

      110KB

      MD5

      f71fbb1f80eb18d999ebf7523c245afd

      SHA1

      b498b16f05362c69a4de7a9820a6ead7c4af3735

      SHA256

      fdc2a8b0fd518ad4573b2b51b189ee22d7bcf903458ee7468f9fece27bce0e7f

      SHA512

      f0e8c10d8784d12b26c2c470a927b35d4f69d7a5662d31b0cc83519da1544a2cae19522ea9534d9437fdc2e1219eac79586ff4858bd223ea908784b12f28c48b

      Download Submit

    • memory/4512-135-0x0000000000400000-0x000000000043C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/4512-137-0x0000000000400000-0x000000000043C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/4784-132-0x0000000000000000-mapping.dmp

      Download

    • memory/4784-136-0x0000000000400000-0x0000000000437B80-memory.dmp

      Filesize

      222KB

      Download