Overview

overview

4

Static

static

�....0.exe

windows7-x64

3

�....0.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    40s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    25-11-2022 19:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CFӵǽV1.0.exe

  • Size

    684KB

  • MD5

    2dc0552a6ba0aa9768941021afb21def

  • SHA1

    8ec47f8137e1da4372059d867aa9936897c9b1ee

  • SHA256

    9d9e449be3e01e0ee8111d806debf9b77b8a4830d587869bc4737eb084c55b2b

  • SHA512

    6959cf9f03dc9921dd8a506f845d220b66a6034bf17d7566de189dde656e376f422fc7757c242e5381e3d7b8a9036b914ba951c8e44ab08db5c7691a805eae3f

  • SSDEEP

    12288:kn+e95EJcsEFjNqI5W9FeBMv9fnrdj909x:kn+e9BFxqI5WHeOv9frdjez

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CFӵǽV1.0.exe
    "C:\Users\Admin\AppData\Local\Temp\CFӵǽV1.0.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1376
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 308
      2⤵
      • Program crash
      PID:1892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1376-54-0x0000000075921000-0x0000000075923000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1892-55-0x0000000000000000-mapping.dmp
    Download