Overview

overview

3

Static

static

FakeClient.exe

windows7-x64

1

FakeClient.exe

windows10-2004-x64

1

SECOPatcher.dll

windows7-x64

1

SECOPatcher.dll

windows10-2004-x64

1

SetACL.exe

windows7-x64

1

SetACL.exe

windows10-2004-x64

1

SppExtComObjHook.dll

windows7-x64

1

SppExtComObjHook.dll

windows10-2004-x64

1

WinDivert.dll

windows7-x64

1

WinDivert.dll

windows10-2004-x64

1

WinDivert64.exe

windows7-x64

WinDivert64.exe

windows10-2004-x64

cleanospp.exe

windows7-x64

1

cleanospp.exe

windows10-2004-x64

1

msvcr100.dll

windows7-x64

3

msvcr100.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    1s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    03-12-2022 09:29

Sharing

Copy URL
Twitter E-mail

Errors

Reason
platform exec: image=C:\Users\Admin\AppData\Local\Temp\WinDivert64.exe command="C:\Users\Admin\AppData\Local\Temp\WinDivert64.exe" wdir=C:\Users\Admin\AppData\Local\Temp Payload error: The %1 application cannot be run in Win32 mode.
Report Analysis Logs

General

  • Target

    WinDivert64.exe

  • Size

    46KB

  • MD5

    d6f42128c81965e12578feca7dac500f

  • SHA1

    5c4576bd6409d797334ec17188efe696c9cc97fc

  • SHA256

    9026147943bd44a1eb5e2f0c89cc8f441c7d1f13c1571aba54e262d2e7354798

  • SHA512

    6fd544f2dc11fbae6492157dbdf07effc5a3080a14350d909542bdef974dfa8f7f4d346506086ba0ee90ecbd2f6b107dad84df17e4825962ef51a135c7b4ce93

  • SSDEEP

    768:eiVoBvoIJZurl94Sph4oQ8OlucwYOpClY7YmJrUJuhr3fz1:5VoBJGcK9e2YmJYqvh

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\WinDivert64.exe
    "C:\Users\Admin\AppData\Local\Temp\WinDivert64.exe"
    1⤵
      PID:1324

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1324-54-0x0000000000010000-0x000000000001E000-memory.dmp

      Filesize

      56KB

      Download