Overview

overview

10

Static

static

10

d20a5986bc...44.exe

windows7-x64

8

d20a5986bc...44.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    194s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2022, 11:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d20a5986bc03b195f49bb7b6f77b1b23da5584ef493db3caae21bcd4f622a144.exe

  • Size

    1.3MB

  • MD5

    4345c8537503b26aa878288ad91682b0

  • SHA1

    5341c1e49892cd2c89e787d0a7dbe892a4b9346e

  • SHA256

    d20a5986bc03b195f49bb7b6f77b1b23da5584ef493db3caae21bcd4f622a144

  • SHA512

    dc04dd2cdc148fcf44136d109d6e2b58503a5bb11d3e2e7e4300cdd9c39ebd3631667aac68a6374984b939efea400b750643cebeb08f015fc16141a34b58710a

  • SSDEEP

    24576:WFcPy6N0NKuMP/SwlJ2t+nFmWumdQTJEQkf0ydLRByZC:WZ+SoSWubJaBV0ZC

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d20a5986bc03b195f49bb7b6f77b1b23da5584ef493db3caae21bcd4f622a144.exe
    "C:\Users\Admin\AppData\Local\Temp\d20a5986bc03b195f49bb7b6f77b1b23da5584ef493db3caae21bcd4f622a144.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3352
    • C:\Users\Admin\AppData\Local\Temp\Temp.dat
      "C:\Users\Admin\AppData\Local\Temp\Temp.dat"
      2⤵
      • Executes dropped EXE
      PID:1880
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 528
        3⤵
        • Program crash
        PID:4524
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1880 -ip 1880
    1⤵
      PID:1044

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Temp.dat
      Filesize

      1.3MB

      MD5

      f2a410a2c1d2070f580a62e804c7b98e

      SHA1

      788897c25d52bd2cf4f778405c273f8527549835

      SHA256

      ecee630ab2c6e867e3c6d5cd13bca809c5fbe3d6f124d21e69ef200f1c3f966b

      SHA512

      c413f459a2d4b7b01e2ffafd6d96cf1d9f0fa1e9e7b8b126b61b9b0008f1a2ea81d5571d670e6a016cf90e87786a7e31ad44138714a204aeb36fe6e8094145b3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Temp.dat
      Filesize

      1.3MB

      MD5

      f2a410a2c1d2070f580a62e804c7b98e

      SHA1

      788897c25d52bd2cf4f778405c273f8527549835

      SHA256

      ecee630ab2c6e867e3c6d5cd13bca809c5fbe3d6f124d21e69ef200f1c3f966b

      SHA512

      c413f459a2d4b7b01e2ffafd6d96cf1d9f0fa1e9e7b8b126b61b9b0008f1a2ea81d5571d670e6a016cf90e87786a7e31ad44138714a204aeb36fe6e8094145b3

      Download Submit

    • memory/1880-135-0x0000000000400000-0x00000000005CC000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/1880-136-0x0000000077260000-0x0000000077403000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1880-137-0x0000000075290000-0x00000000754A5000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/1880-139-0x0000000000400000-0x00000000005CC000-memory.dmp

      Filesize

      1.8MB

      Download