67fbbe7470d5c4e49965166e2d683b88db5f9614fca38534ef6f181fe8168f01

Analysis

max time kernel
205s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 00:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67fbbe7470d5c4e49965166e2d683b88db5f9614fca38534ef6f181fe8168f01.exe
Size

63KB
MD5

6ec13e0720e797abf0f59f25abc1746c
SHA1

49b33fa79c39d5a78d05938e4f7251ac57c48ca6
SHA256

67fbbe7470d5c4e49965166e2d683b88db5f9614fca38534ef6f181fe8168f01
SHA512

e5f5da09e86146e6621a45caa0cc07cef034ff7852fa6ab8ffb29b1d147d49e85b832db8bac9c7ed0b7c52ca5fdb0904eec21e7be2c43a7d6c321bf3105204a6
SSDEEP

1536:x5a55rXcdVoy0M50cAnhX4M21mbTYxbwLKBecws9Q2:x5a55X8iEEnhX4MwxbwgeQ

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4568	System64.exe

Loads dropped DLL 2 IoCs

pid	Process
4568	System64.exe
4568	System64.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\System64.exe	System64.exe
File created	C:\Windows\SysWOW64\System64.exe	67fbbe7470d5c4e49965166e2d683b88db5f9614fca38534ef6f181fe8168f01.exe
File opened for modification	C:\Windows\SysWOW64\System64.exe	67fbbe7470d5c4e49965166e2d683b88db5f9614fca38534ef6f181fe8168f01.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2820	4568	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 1084	4568	System64.exe	88
PID 4568 wrote to memory of 1084	4568	System64.exe	88
PID 4568 wrote to memory of 1084	4568	System64.exe	88

C:\Users\Admin\AppData\Local\Temp\67fbbe7470d5c4e49965166e2d683b88db5f9614fca38534ef6f181fe8168f01.exe
"C:\Users\Admin\AppData\Local\Temp\67fbbe7470d5c4e49965166e2d683b88db5f9614fca38534ef6f181fe8168f01.exe"
1⤵
- Drops file in System32 directory
PID:1524

C:\Windows\SysWOW64\System64.exe
C:\Windows\SysWOW64\System64.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 444
  2⤵
  - Program crash
  PID:2820
- C:\Windows\SysWOW64\userinit.exe
  "C:\Windows\system32\userinit.exe"
  2⤵
  PID:1084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4568 -ip 4568
1⤵
PID:4364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\System64.exe

Filesize
63KB

MD5
6ec13e0720e797abf0f59f25abc1746c

SHA1
49b33fa79c39d5a78d05938e4f7251ac57c48ca6

SHA256
67fbbe7470d5c4e49965166e2d683b88db5f9614fca38534ef6f181fe8168f01

SHA512
e5f5da09e86146e6621a45caa0cc07cef034ff7852fa6ab8ffb29b1d147d49e85b832db8bac9c7ed0b7c52ca5fdb0904eec21e7be2c43a7d6c321bf3105204a6

Download Submit
C:\Windows\SysWOW64\System64.exe

Filesize
63KB

MD5
6ec13e0720e797abf0f59f25abc1746c

SHA1
49b33fa79c39d5a78d05938e4f7251ac57c48ca6

SHA256
67fbbe7470d5c4e49965166e2d683b88db5f9614fca38534ef6f181fe8168f01

SHA512
e5f5da09e86146e6621a45caa0cc07cef034ff7852fa6ab8ffb29b1d147d49e85b832db8bac9c7ed0b7c52ca5fdb0904eec21e7be2c43a7d6c321bf3105204a6

Download Submit
C:\Windows\SysWOW64\System64.exe

Filesize
63KB

MD5
6ec13e0720e797abf0f59f25abc1746c

SHA1
49b33fa79c39d5a78d05938e4f7251ac57c48ca6

SHA256
67fbbe7470d5c4e49965166e2d683b88db5f9614fca38534ef6f181fe8168f01

SHA512
e5f5da09e86146e6621a45caa0cc07cef034ff7852fa6ab8ffb29b1d147d49e85b832db8bac9c7ed0b7c52ca5fdb0904eec21e7be2c43a7d6c321bf3105204a6

Download Submit
C:\Windows\SysWOW64\System64.exe

Filesize
63KB

MD5
6ec13e0720e797abf0f59f25abc1746c

SHA1
49b33fa79c39d5a78d05938e4f7251ac57c48ca6

SHA256
67fbbe7470d5c4e49965166e2d683b88db5f9614fca38534ef6f181fe8168f01

SHA512
e5f5da09e86146e6621a45caa0cc07cef034ff7852fa6ab8ffb29b1d147d49e85b832db8bac9c7ed0b7c52ca5fdb0904eec21e7be2c43a7d6c321bf3105204a6

Download Submit
memory/1524-133-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1524-132-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1524-145-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/4568-138-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/4568-141-0x0000000000610000-0x0000000000655000-memory.dmp

Filesize
276KB

Download
memory/4568-142-0x0000000000610000-0x0000000000655000-memory.dmp

Filesize
276KB

Download
memory/4568-140-0x0000000000610000-0x0000000000655000-memory.dmp

Filesize
276KB

Download
memory/4568-144-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/4568-139-0x0000000000610000-0x0000000000655000-memory.dmp

Filesize
276KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads