Analysis

  • max time kernel
    42s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-12-2022 18:08

General

  • Target

    c40fb5ce69895cfa066fc3fc6f1ba52d0c86f393edc85058571f379ee20c9eba.exe

  • Size

    124KB

  • MD5

    6642d9317aab9d28356037d9852451b2

  • SHA1

    c9572675a391a803b1f6b848dd5c2974e14fcb08

  • SHA256

    c40fb5ce69895cfa066fc3fc6f1ba52d0c86f393edc85058571f379ee20c9eba

  • SHA512

    6d218abc7ac4bf8d57ea637e8e8957d3e10da89aeab958742fc007a4d2035c5a0e79ada6636802de6186e7041d78b78ba99967b3d459d56032ba28235414aca5

  • SSDEEP

    1536:Fl14rQcWAkN7GAlqbkfAGQGV8aMbrNyrf1w+956SeBsCXKaJe6JrZgD0w:/mZWXyaiedMbrN6p956XBscUDP

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c40fb5ce69895cfa066fc3fc6f1ba52d0c86f393edc85058571f379ee20c9eba.exe
    "C:\Users\Admin\AppData\Local\Temp\c40fb5ce69895cfa066fc3fc6f1ba52d0c86f393edc85058571f379ee20c9eba.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:2000
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 36
      2⤵
      • Program crash
      PID:968

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2000-55-0x0000000001000000-0x0000000001021248-memory.dmp

    Filesize

    132KB