Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system
  • submitted
    14/06/2023, 07:21

General

  • Target

    WampServer2.0h.exe

  • Size

    16.1MB

  • MD5

    200601795c7599c1912469e814ff6c79

  • SHA1

    83e0f780fca2c870653dba0adf4a6b7a08093e02

  • SHA256

    d97d29fbadc292ad90cf5bf552897c4b6db1fc86565c6cf6ce03df768e00e1d5

  • SHA512

    6285c28818e3fb07db0b478c399c1b4996732e7737828156e3e89138b5d61f60584daed78cd0a45ee2a8ab2a218465fc3c8376668c54bae7e91744023581878d

  • SSDEEP

    393216:La3hPPqwe8GS0fGZn2BvTPGHcaqmZwSEMmZJqeVtNMq:LaR3qwZt0fi2BvTPG8aqD5JZRv

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WampServer2.0h.exe
    "C:\Users\Admin\AppData\Local\Temp\WampServer2.0h.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4644
    • C:\Users\Admin\AppData\Local\Temp\is-H9A55.tmp\WampServer2.0h.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-H9A55.tmp\WampServer2.0h.tmp" /SL5="$9002C,16535377,61952,C:\Users\Admin\AppData\Local\Temp\WampServer2.0h.exe"
      2⤵
      • Executes dropped EXE
      PID:2688

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-H9A55.tmp\WampServer2.0h.tmp

    Filesize

    677KB

    MD5

    5bcadcff9a1061c7275c13b51467ecff

    SHA1

    4af379d9f96b0fe0a4d58049d007a1705db2499f

    SHA256

    7b0fcf228d20724d5c2253b21f08c101a410c026dd62a0c59d0867913e8ee5c5

    SHA512

    631fbd22e4b558a267bd1063985224739cdf122ab77094f51f77341764f1b51ea43c82cd3e6ca7c00c312d428060d9fe27d388482b3349607609c3c3e204ba9b

  • memory/2688-144-0x0000000000790000-0x0000000000791000-memory.dmp

    Filesize

    4KB

  • memory/2688-146-0x0000000000400000-0x00000000004B8000-memory.dmp

    Filesize

    736KB

  • memory/2688-147-0x0000000000790000-0x0000000000791000-memory.dmp

    Filesize

    4KB

  • memory/4644-133-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

  • memory/4644-145-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB