Analysis
max time kernel: 144s
max time network: 147s
platform: windows10-1703_x64
resource: win10-20220812-en
resource tags: arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
submitted: 11-01-2023 04:00
Static task: static1
Behavioral task: behavioral1
Sample: 74cf397c401b07c80420ecc11b3f6b99fa710a3c530272e5815368bb0f623b47.exe
Resource: win10-20220812-en
General
Target: 74cf397c401b07c80420ecc11b3f6b99fa710a3c530272e5815368bb0f623b47.exe
Size: 1.1MB
MD5: bffe012c1c5bc14382b3e77f8b1a7b6f
SHA1: 136ccb8b56320b739e35ce0da7635f88024d1547
SHA256: 74cf397c401b07c80420ecc11b3f6b99fa710a3c530272e5815368bb0f623b47
SHA512: 76c4c5cb02c4e9d1a87a7791656e540490b27eb5fe9596782c4583aa656e85f99cf5305275432b9c802720501f3529d73f9d1f66957c16a5f7ed0deae6b11015
SSDEEP: 24576:Vy8zWKlZWVh/ajb+X/PT7oN9zreGT6d8x36u4m0ms4plRwrGyEJMjxveld:Vy4WEQWjiHXorzreGTg8xumHs4V3sxWz
Signatures
Loads dropped DLL (1 IoCs)
  pid: 2392, Process: rundll32.exe
Program crash (1 IoCs)
  pid: 4228, pid_target: 2392, Process: WerFault.exe, procid_target: 66
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4876 wrote to memory of 2392, pid: 4876, Process: 74cf397c401b07c80420ecc11b3f6b99fa710a3c530272e5815368bb0f623b47.exe, procid_target: 66
  description: PID 4876 wrote to memory of 2392, pid: 4876, Process: 74cf397c401b07c80420ecc11b3f6b99fa710a3c530272e5815368bb0f623b47.exe, procid_target: 66
  description: PID 4876 wrote to memory of 2392, pid: 4876, Process: 74cf397c401b07c80420ecc11b3f6b99fa710a3c530272e5815368bb0f623b47.exe, procid_target: 66
Processes
C:\Users\Admin\AppData\Local\Temp\74cf397c401b07c80420ecc11b3f6b99fa710a3c530272e5815368bb0f623b47.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\74cf397c401b07c80420ecc11b3f6b99fa710a3c530272e5815368bb0f623b47.exe"
  PID: 4876
  Signature: Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      Command line: "C:\Windows\system32\rundll32.exe" "C:\Users\Admin\AppData\Local\Temp\Qytyaworpiotpd.tmp",Edoqqdswdffqipe
      PID: 2392
      Signature: Loads dropped DLL
        C:\Windows\SysWOW64\WerFault.exe
          Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 724
          PID: 4228
          Signature: Program crash
Downloads
Filesize: 752KB
MD5: 710af73b2d7e92d33fac751318c08101
SHA1: 2208c96a528b1d96e18ae47ab274f303e4099fff
SHA256: 72021339c18f79141f9867c30616cbbdc517471e44d16bfe81063e5c7dba56c3
SHA512: 1f19138b8412b871ccf33ec351d28157b6571bc02cb1d338fc4c06bd77e9518bbdb3392d63b9bcdde2bd94746c232f90b4796363f83cecfd49e0470b6495ac1a