b629da710fc4b34915df783bec6d9c206e2d74e64bf3b2f2cb167d4a5a0457e2

Analysis

max time kernel
156s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 17:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b629da710fc4b34915df783bec6d9c206e2d74e64bf3b2f2cb167d4a5a0457e2.exe
Size

24KB
MD5

c190b9c81c0a6b109cba9199807d4db7
SHA1

d0412d15700f529a484bd4dd7b87c388c3590ea8
SHA256

b629da710fc4b34915df783bec6d9c206e2d74e64bf3b2f2cb167d4a5a0457e2
SHA512

02f0b5aad70bb861bd0e553f7bfb67e9efee4eb52ff3263c701772e119b25be9de3670df327accb7bb8bd8c4b07fecdf0130b0898935fe14014807add4e54763
SSDEEP

384:nmhc75ettmadb5UZC4q6eyopqmX5flfHYTyeS:nm25etVp+ZWJMmXXwS

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\C:\Users\Admin\AppData\Local\Temp\b629da710fc4b34915df783bec6d9c206e2d74e64bf3b2f2cb167d4a5a0457e2.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b629da710fc4b34915df783bec6d9c206e2d74e64bf3b2f2cb167d4a5a0457e2.exe"	b629da710fc4b34915df783bec6d9c206e2d74e64bf3b2f2cb167d4a5a0457e2.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1784	2976	WerFault.exe	57

C:\Users\Admin\AppData\Local\Temp\b629da710fc4b34915df783bec6d9c206e2d74e64bf3b2f2cb167d4a5a0457e2.exe
"C:\Users\Admin\AppData\Local\Temp\b629da710fc4b34915df783bec6d9c206e2d74e64bf3b2f2cb167d4a5a0457e2.exe"
1⤵
- Adds Run key to start application
PID:2976
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 332
  2⤵
  - Program crash
  PID:1784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2976 -ip 2976
1⤵
PID:4556

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads