Overview

overview

7

Static

static

a13b90111c...18.exe

windows7-x64

7

a13b90111c...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/11/2022, 04:21

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a13b90111cf5054e290a42ac307d8fac2113cd5e597f7b9f84051b2d88986218.exe

  • Size

    4.0MB

  • MD5

    ffb8f2b184a583a281e42b7ceeaacbc1

  • SHA1

    848f8cb912fd833a08481f571146022fb73eb80e

  • SHA256

    a13b90111cf5054e290a42ac307d8fac2113cd5e597f7b9f84051b2d88986218

  • SHA512

    5342fae478ccac6d933894905c5b068bd2ac0ac97dad5afb88831b31fd58bc9237388149de0439489a8913224719cb038d5c929fa098581cc7da981fd0a4a79b

  • SSDEEP

    98304:Xoe0/H/vLq+crSY8bBXKJ01peq1cZqD+cngaSHQ3rafb:XhAHLq+cJ8NXKJApeq1c8DJgaBi

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Program crash 3 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a13b90111cf5054e290a42ac307d8fac2113cd5e597f7b9f84051b2d88986218.exe
    "C:\Users\Admin\AppData\Local\Temp\a13b90111cf5054e290a42ac307d8fac2113cd5e597f7b9f84051b2d88986218.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5088
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 484
      2⤵
      • Program crash
      PID:4300
    • C:\Users\Admin\AppData\Local\Temp\a13b90111cf5054e290a42ac307d8fac2113cd5e597f7b9f84051b2d88986218.exe
      "C:\Users\Admin\AppData\Local\Temp\a13b90111cf5054e290a42ac307d8fac2113cd5e597f7b9f84051b2d88986218.exe"
      2⤵
      • Checks BIOS information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4848
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 544
        3⤵
        • Program crash
        PID:4944
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 552
        3⤵
        • Program crash
        PID:424
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5088 -ip 5088
    1⤵
      PID:1880
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4848 -ip 4848
      1⤵
        PID:4932
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4848 -ip 4848
        1⤵
          PID:1432

        Network

              MITRE ATT&CK Enterprise v6

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • memory/4848-134-0x00000000020A0000-0x00000000020C4000-memory.dmp

                Filesize

                144KB

                Download

              • memory/4848-140-0x0000000000400000-0x0000000000463200-memory.dmp

                Filesize

                396KB

                Download

              • memory/4848-139-0x0000000000400000-0x0000000000463200-memory.dmp

                Filesize

                396KB

                Download

              • memory/4848-141-0x0000000000400000-0x0000000000463200-memory.dmp

                Filesize

                396KB

                Download

              • memory/4848-142-0x0000000000400000-0x0000000000463200-memory.dmp

                Filesize

                396KB

                Download

              • memory/4848-143-0x0000000000402000-0x0000000000403000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4848-144-0x0000000000401000-0x0000000000402000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4848-146-0x0000000000400000-0x0000000000463200-memory.dmp

                Filesize

                396KB

                Download

              • memory/5088-132-0x0000000000400000-0x0000000000463200-memory.dmp

                Filesize

                396KB

                Download

              • memory/5088-147-0x0000000000400000-0x0000000000463200-memory.dmp

                Filesize

                396KB

                Download

              • memory/5088-148-0x0000000000400000-0x0000000000463200-memory.dmp

                Filesize

                396KB

                Download