Overview

overview

7

Static

static

7

c5bc5974c9...40.exe

windows7-x64

3

c5bc5974c9...40.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    151s
  • max time network
    40s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    21-02-2023 20:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c5bc5974c98bc092710dd9422385a78b881931e0955693ee0035081dc5d08340.exe

  • Size

    5.2MB

  • MD5

    1733efc4bd3e51b8797480e0b987471f

  • SHA1

    17d91dd5d608174201e785b1d2dff09826b43dca

  • SHA256

    c5bc5974c98bc092710dd9422385a78b881931e0955693ee0035081dc5d08340

  • SHA512

    7c8161ca1321364dcb0a58c83c1049ecb2b538e30a4eeddbd3dc28a0e7280b70d30ed6b7749bfb4598bc4dd35d369a87bf801f71b0ba1e5638b8d6485019965a

  • SSDEEP

    98304:Eui/NixcFWa+792LGPiv5W8u1xfFMST/zcBIBbXIgo/xMMm:ji/pFz+RcG4Vu1xfm6/IGBbXsM

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c5bc5974c98bc092710dd9422385a78b881931e0955693ee0035081dc5d08340.exe
    "C:\Users\Admin\AppData\Local\Temp\c5bc5974c98bc092710dd9422385a78b881931e0955693ee0035081dc5d08340.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:944
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 900
      2⤵
      • Program crash
      PID:1296

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\config.ini
    Filesize

    41B

    MD5

    96b2b4208e461fae06b9bdc0a45a9b50

    SHA1

    c61c266e301306f338999028de9400cda4f80eec

    SHA256

    011b7379180d5cfdf51753b30460df5be855ae879eba60f17d462b23efb3d20f

    SHA512

    44ef2e3cc12669a89f73bd5c96cc7f938e6674709ddf9c4fcc143af4846d14f4d5053f0f08ef0f69cc04c2ddf74d572c71e984d37613ee564e5d6d087cf15412

    Download Submit
  • memory/944-66-0x00000000001C0000-0x00000000001C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/944-56-0x0000000000400000-0x0000000001636000-memory.dmp
    Filesize

    18.2MB

    Download
  • memory/944-57-0x0000000000400000-0x0000000001636000-memory.dmp
    Filesize

    18.2MB

    Download
  • memory/944-58-0x0000000000400000-0x0000000001636000-memory.dmp
    Filesize

    18.2MB

    Download
  • memory/944-59-0x0000000000400000-0x0000000001636000-memory.dmp
    Filesize

    18.2MB

    Download
  • memory/944-55-0x0000000000400000-0x0000000001636000-memory.dmp
    Filesize

    18.2MB

    Download
  • memory/944-54-0x0000000000400000-0x0000000001636000-memory.dmp
    Filesize

    18.2MB

    Download
  • memory/944-76-0x0000000000400000-0x0000000001636000-memory.dmp
    Filesize

    18.2MB

    Download
  • memory/944-83-0x0000000000400000-0x0000000001636000-memory.dmp
    Filesize

    18.2MB

    Download
  • memory/944-84-0x0000000000400000-0x0000000001636000-memory.dmp
    Filesize

    18.2MB

    Download
  • memory/944-85-0x00000000001C0000-0x00000000001C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/944-87-0x0000000000400000-0x0000000001636000-memory.dmp
    Filesize

    18.2MB

    Download
  • memory/944-89-0x0000000000400000-0x0000000001636000-memory.dmp
    Filesize

    18.2MB

    Download