Overview

overview

7

Static

static

7

c5bc5974c9...40.exe

windows7-x64

3

c5bc5974c9...40.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    82s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-02-2023 20:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c5bc5974c98bc092710dd9422385a78b881931e0955693ee0035081dc5d08340.exe

  • Size

    5.2MB

  • MD5

    1733efc4bd3e51b8797480e0b987471f

  • SHA1

    17d91dd5d608174201e785b1d2dff09826b43dca

  • SHA256

    c5bc5974c98bc092710dd9422385a78b881931e0955693ee0035081dc5d08340

  • SHA512

    7c8161ca1321364dcb0a58c83c1049ecb2b538e30a4eeddbd3dc28a0e7280b70d30ed6b7749bfb4598bc4dd35d369a87bf801f71b0ba1e5638b8d6485019965a

  • SSDEEP

    98304:Eui/NixcFWa+792LGPiv5W8u1xfFMST/zcBIBbXIgo/xMMm:ji/pFz+RcG4Vu1xfm6/IGBbXsM

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c5bc5974c98bc092710dd9422385a78b881931e0955693ee0035081dc5d08340.exe
    "C:\Users\Admin\AppData\Local\Temp\c5bc5974c98bc092710dd9422385a78b881931e0955693ee0035081dc5d08340.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious use of SetWindowsHookEx
    PID:4664
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 1544
      2⤵
      • Program crash
      PID:2916
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4664 -ip 4664
    1⤵
      PID:1200

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Query Registry

    1
    T1012

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\config.ini
      Filesize

      41B

      MD5

      96b2b4208e461fae06b9bdc0a45a9b50

      SHA1

      c61c266e301306f338999028de9400cda4f80eec

      SHA256

      011b7379180d5cfdf51753b30460df5be855ae879eba60f17d462b23efb3d20f

      SHA512

      44ef2e3cc12669a89f73bd5c96cc7f938e6674709ddf9c4fcc143af4846d14f4d5053f0f08ef0f69cc04c2ddf74d572c71e984d37613ee564e5d6d087cf15412

      Download Submit
    • memory/4664-133-0x0000000000400000-0x0000000001636000-memory.dmp
      Filesize

      18.2MB

      Download
    • memory/4664-134-0x0000000000400000-0x0000000001636000-memory.dmp
      Filesize

      18.2MB

      Download
    • memory/4664-135-0x0000000000400000-0x0000000001636000-memory.dmp
      Filesize

      18.2MB

      Download
    • memory/4664-136-0x0000000000400000-0x0000000001636000-memory.dmp
      Filesize

      18.2MB

      Download
    • memory/4664-137-0x0000000000400000-0x0000000001636000-memory.dmp
      Filesize

      18.2MB

      Download
    • memory/4664-138-0x0000000000400000-0x0000000001636000-memory.dmp
      Filesize

      18.2MB

      Download
    • memory/4664-148-0x0000000003460000-0x0000000003461000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4664-155-0x0000000000400000-0x0000000001636000-memory.dmp
      Filesize

      18.2MB

      Download
    • memory/4664-162-0x0000000000400000-0x0000000001636000-memory.dmp
      Filesize

      18.2MB

      Download
    • memory/4664-163-0x0000000000400000-0x0000000001636000-memory.dmp
      Filesize

      18.2MB

      Download
    • memory/4664-166-0x0000000000400000-0x0000000001636000-memory.dmp
      Filesize

      18.2MB

      Download