Analysis
-
max time kernel
150s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
25-11-2022 12:39
General
-
Target
c0f40f593a163e5c82f079646bdc4f95b291c39318b6504a74c9d09490eebee7.exe
-
Size
828KB
-
MD5
a90d9b49ab27d76efeccbdf566539f0c
-
SHA1
976197a9031b5c16a7a28c3c76eafcca5b7def7f
-
SHA256
c0f40f593a163e5c82f079646bdc4f95b291c39318b6504a74c9d09490eebee7
-
SHA512
cf787527b35639023a863668e08c8c3ee094cce7fd4b97c6e887b417adc0eb582dc68a680908873d448b016d12123040e31857d405c73c10f7988efd9f09b944
-
SSDEEP
24576:XlH5JF9HN+6UdNTkJWMRXRo7dgFYFot5WGWk2DrHitjnXmfp:XlZJrHN+6gKBRS6FYCtCDjwn2fp
Score
8/10
Malware Config
Signatures
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Program crash 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c0f40f593a163e5c82f079646bdc4f95b291c39318b6504a74c9d09490eebee7.exe"C:\Users\Admin\AppData\Local\Temp\c0f40f593a163e5c82f079646bdc4f95b291c39318b6504a74c9d09490eebee7.exe"1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 8082⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4984 -ip 49841⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4984-132-0x0000000000400000-0x00000000006AC000-memory.dmpFilesize
2.7MB
-
memory/4984-133-0x0000000000400000-0x00000000006AC000-memory.dmpFilesize
2.7MB
-
memory/4984-134-0x0000000000400000-0x00000000006AC000-memory.dmpFilesize
2.7MB
-
memory/4984-135-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-138-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-139-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-137-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-140-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-142-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-144-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-146-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-148-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-150-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-152-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-154-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-156-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-158-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-160-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-162-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-164-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-166-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-168-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-170-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-172-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-174-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-176-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-178-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-180-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-181-0x0000000000400000-0x00000000006AC000-memory.dmpFilesize
2.7MB
-
memory/4984-182-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4984-183-0x0000000000400000-0x00000000006AC000-memory.dmpFilesize
2.7MB