Analysis

  • max time kernel
    91s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/12/2022, 01:09

General

  • Target
    932a87ed20fe32e8271a8566162007eedf3dfe5c0b85c0c218953106d22f4229.exe
  • Size
    44KB
  • MD5
    b460c37303993c1a0ef25728d4d15ced
  • SHA1
    ebad38b16d3f78eb64c956033409256eb4da8c87
  • SHA256
    932a87ed20fe32e8271a8566162007eedf3dfe5c0b85c0c218953106d22f4229
  • SHA512
    ea5d8317b3ef0d03b956f0f471a71958b1eb5ebac8c5a9858c91f72aabc712a4ff22955c42a2e561b99f8f5914e5338402973fe4bbcb9228fea776427dff595d
  • SSDEEP
    768:nRmAu868R8Z8s888m8E8QvE7ITef7PHGXcnplpy2ifwH3BzM749mQIs5SU6vOwg1:noAuzq+5hRpfvE7ITef7PO1finkhsZ6G

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Modifies registry class 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\932a87ed20fe32e8271a8566162007eedf3dfe5c0b85c0c218953106d22f4229.exe
    "C:\Users\Admin\AppData\Local\Temp\932a87ed20fe32e8271a8566162007eedf3dfe5c0b85c0c218953106d22f4229.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1400
    • \??\c:\users\admin\appdata\local\temp\932a87ed20fe32e8271a8566162007eedf3dfe5c0b85c0c218953106d22f4229.exe
      "c:\users\admin\appdata\local\temp\932a87ed20fe32e8271a8566162007eedf3dfe5c0b85c0c218953106d22f4229.exe"
      2⤵
      • Adds Run key to start application
      • Suspicious use of SetWindowsHookEx
      PID:2324
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 192 -p 3032 -ip 3032
    1⤵
      PID:2452
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 3032 -s 7320
      1⤵
      • Program crash
      PID:4988
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2464

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/2324-133-0x0000000000400000-0x0000000000404000-memory.dmp
    Filesize
    16KB
  • memory/2324-135-0x0000000000400000-0x0000000000404000-memory.dmp
    Filesize
    16KB
  • memory/2324-136-0x0000000000400000-0x0000000000404000-memory.dmp
    Filesize
    16KB