c2c9e2dace0bd37d84223c4676d1170281490ae77e55ec89c5373f3312173729

Analysis

max time kernel
151s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 06:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c2c9e2dace0bd37d84223c4676d1170281490ae77e55ec89c5373f3312173729.exe
Size

1.5MB
MD5

eb6e25069c0c716cbe20b0e68979ea4e
SHA1

1be24ca97a7f67901df72da205c0b2c3ea26dba6
SHA256

c2c9e2dace0bd37d84223c4676d1170281490ae77e55ec89c5373f3312173729
SHA512

8adc1c5ffa5125371c5c6fe0958737f83a8961d3607263aa54833dcd8128a868f026a01f07c6489b9d20145aba5eb12c3ae864b5a73caf48e3ea71f432cf388a
SSDEEP

12288:7PjfusMrlSyEeLQJWtnmre82s5Izry20Hha02ock0eQFsvO6hjY+Id3z6+FgLd0i:/fdMrlSj2QGmi8YuJMVFsts3eKa0+/lh

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2728-133-0x0000000000400000-0x00000000005B6000-memory.dmp	upx

Program crash 9 IoCs

pid	pid_target	Process	procid_target
444	2728	WerFault.exe	78
4696	2728	WerFault.exe	78
4612	2728	WerFault.exe	78
1180	2728	WerFault.exe	78
2548	2728	WerFault.exe	78
4664	2728	WerFault.exe	78
4524	2728	WerFault.exe	78
2820	2728	WerFault.exe	78
4556	2728	WerFault.exe	78

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2728	c2c9e2dace0bd37d84223c4676d1170281490ae77e55ec89c5373f3312173729.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2728	c2c9e2dace0bd37d84223c4676d1170281490ae77e55ec89c5373f3312173729.exe

C:\Users\Admin\AppData\Local\Temp\c2c9e2dace0bd37d84223c4676d1170281490ae77e55ec89c5373f3312173729.exe
"C:\Users\Admin\AppData\Local\Temp\c2c9e2dace0bd37d84223c4676d1170281490ae77e55ec89c5373f3312173729.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2728
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 832
  2⤵
  - Program crash
  PID:444
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 852
  2⤵
  - Program crash
  PID:4696
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 852
  2⤵
  - Program crash
  PID:4612
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 904
  2⤵
  - Program crash
  PID:1180
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 984
  2⤵
  - Program crash
  PID:2548
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 1012
  2⤵
  - Program crash
  PID:4664
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 1048
  2⤵
  - Program crash
  PID:4524
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 776
  2⤵
  - Program crash
  PID:2820
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 836
  2⤵
  - Program crash
  PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2728 -ip 2728
1⤵
PID:1432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2728 -ip 2728
1⤵
PID:5096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2728 -ip 2728
1⤵
PID:1048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2728 -ip 2728
1⤵
PID:4552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2728 -ip 2728
1⤵
PID:1136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 2728 -ip 2728
1⤵
PID:1440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2728 -ip 2728
1⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2728 -ip 2728
1⤵
PID:4036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2728 -ip 2728
1⤵
PID:1532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2728-132-0x00000000026D0000-0x00000000029C0000-memory.dmp

Filesize
2.9MB

Download
memory/2728-133-0x0000000000400000-0x00000000005B6000-memory.dmp

Filesize
1.7MB

Download