Overview

overview

10

Static

static

3

C/ProgramD...a0.exe

windows7-x64

10

C/ProgramD...a0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    32s
  • max time network
    39s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-05-2023 17:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    C/ProgramData/Sentinel/AFUCache/5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0.exe

  • Size

    294KB

  • MD5

    88364591c29935142382c7c04a6cfcfe

  • SHA1

    c5c956f5fa522b8e97fbb4ed534d0ccca0d54d06

  • SHA256

    5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0

  • SHA512

    6f104c05e464dc521ebd33d00b31f0431031c349f8805fc5e976f636f0800e5d1ea339d822cee4999147ecf89efa4f38491e6678926d1d27d4f9ad1c365e8b36

  • SSDEEP

    3072:CsixsE5b3mZCwC1AtgZ4GPd0AwQcNvS43sRzzwJORCEGqUjQOBIN:CsiRbnwCumev7643sBTY7FNs

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0.exe
    "C:\Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1156
    • C:\Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0mgr.exe
      C:\Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0mgr.exe
      2⤵
      • Executes dropped EXE
      PID:1516
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 264
        3⤵
        • Program crash
        PID:1064
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 1516 -ip 1516
    1⤵
      PID:2284

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0mgr.exe
      Filesize

      220KB

      MD5

      1b7fc3fa0a84470506c3028b48a5f04d

      SHA1

      3fa9f258fd20c92c0dd366f1520d44f61e236d3b

      SHA256

      9f62f582fc02ae7b3b5df9a8a90718a80773eed10828014cee2a938976ab056b

      SHA512

      1259215288d11be9493abc5d9babec8ff2563be3ed1aaf47fbda3f5832d7604f4f5956d09a06854ff133fb9e0971ac398966c46c743dee3f0aead6a2d0901c19

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0mgr.exe
      Filesize

      220KB

      MD5

      1b7fc3fa0a84470506c3028b48a5f04d

      SHA1

      3fa9f258fd20c92c0dd366f1520d44f61e236d3b

      SHA256

      9f62f582fc02ae7b3b5df9a8a90718a80773eed10828014cee2a938976ab056b

      SHA512

      1259215288d11be9493abc5d9babec8ff2563be3ed1aaf47fbda3f5832d7604f4f5956d09a06854ff133fb9e0971ac398966c46c743dee3f0aead6a2d0901c19

      Download Submit
    • memory/1156-133-0x0000000000400000-0x000000000044E000-memory.dmp
      Filesize

      312KB

      Download
    • memory/1156-141-0x0000000000400000-0x000000000044E000-memory.dmp
      Filesize

      312KB

      Download
    • memory/1516-138-0x0000000000400000-0x0000000000470000-memory.dmp
      Filesize

      448KB

      Download
    • memory/1516-139-0x00000000005B0000-0x00000000005B1000-memory.dmp
      Filesize

      4KB

      Download