Overview

overview

7

Static

static

a4865ca33b...46.exe

windows7-x64

7

a4865ca33b...46.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-12-2022 12:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a4865ca33b0d587f210d984cbce591c690f59cf2122c62cb9d2eb4a13cc3a146.exe

  • Size

    202KB

  • MD5

    148270bf298fcb4033d6c42c91648176

  • SHA1

    6cba9f11e63ecb3289e57cc5712a0147423d40b2

  • SHA256

    a4865ca33b0d587f210d984cbce591c690f59cf2122c62cb9d2eb4a13cc3a146

  • SHA512

    ac7aa90c6d0db79d8702c5ccfa2ad1d5e544108d140a528c70ade071f00a9f1e5367a6e9a4734f979ff259d35a4c7be17fa62516b7fd968385cdecec688ab715

  • SSDEEP

    6144:ikG6TWCM3bi3P+KwqGFnoYvTK4XiMz9Hp7gfgT2uwI1k2:06/r/+GYbKc9J78gT2i1

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a4865ca33b0d587f210d984cbce591c690f59cf2122c62cb9d2eb4a13cc3a146.exe
    "C:\Users\Admin\AppData\Local\Temp\a4865ca33b0d587f210d984cbce591c690f59cf2122c62cb9d2eb4a13cc3a146.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    PID:4740
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 648
      2⤵
      • Program crash
      PID:4344
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4740 -ip 4740
    1⤵
      PID:4840

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\sshnas21.dll
      Filesize

      168KB

      MD5

      a114bf8e11b0ecc1ef06c49b33c00411

      SHA1

      b2ccf82ef889ba3667312dd7a6c8ffdff5659614

      SHA256

      282cc574d16082d626296eac1ec88ba384a9a69ab8943db4ddd482c1a9291e49

      SHA512

      9a1e00628cfb235b955293c0b5b77ef90d01143151d734f1532fa8e87db72dea1ccefbe0bcb372cb70eb0d4503415a3abe63760ba5fb7fa50c5ca23d9f3934f9

      Download Submit

    • memory/4740-132-0x0000000000A60000-0x0000000000A78000-memory.dmp

      Filesize

      96KB

      Download

    • memory/4740-133-0x0000000000400000-0x0000000000437000-memory.dmp

      Filesize

      220KB

      Download

    • memory/4740-135-0x0000000002370000-0x0000000002384000-memory.dmp

      Filesize

      80KB

      Download

    • memory/4740-136-0x0000000000400000-0x0000000000437000-memory.dmp

      Filesize

      220KB

      Download

    • memory/4740-137-0x0000000000400000-0x0000000000437000-memory.dmp

      Filesize

      220KB

      Download