29e841b19b52bd24701d86e7d5bbdc74391a0d00ed645b0fefec9c78d56c2b72

Resubmissions

24-07-2023 06:15

230724-gz1l4abb4s 10

03-08-2022 13:09

220803-qdvy6abdc5 7

Analysis

max time kernel
142s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24-07-2023 06:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29e841b19b52bd24701d86e7d5bbdc74391a0d00ed645b0fefec9c78d56c2b72.exe
Size

4.2MB
MD5

b977d6d227d7ffd28168fb328764d163
SHA1

51cf8ecff9ed421c2f340e4dca93722f0f274912
SHA256

29e841b19b52bd24701d86e7d5bbdc74391a0d00ed645b0fefec9c78d56c2b72
SHA512

0b711955e3265a82fde671273421fa1b495e31f84e1609cf4254762e1b1b848ae8ad3d85a08a79a61c0bff43851440f6ff3f8993cee05dbd85a99be3e7cc106c
SSDEEP

49152:FzrP0og+7HgS3qkxIgyRiYYCuxG3qiz3/TmQF+4KoL+v3iGcdpLrNbTn:JzYkeRIondrNP

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

29e841b19b52bd24701d86e7d5bbdc74391a0d00ed645b0fefec9c78d56c2b72.exe

description ioc process

File opened (read-only) \??\F: 29e841b19b52bd24701d86e7d5bbdc74391a0d00ed645b0fefec9c78d56c2b72.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4284 4656 WerFault.exe 29e841b19b52bd24701d86e7d5bbdc74391a0d00ed645b0fefec9c78d56c2b72.exe

description	ioc	process
File opened (read-only)	\??\F:	29e841b19b52bd24701d86e7d5bbdc74391a0d00ed645b0fefec9c78d56c2b72.exe

pid	pid_target	process	target process
4284	4656	WerFault.exe	29e841b19b52bd24701d86e7d5bbdc74391a0d00ed645b0fefec9c78d56c2b72.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

29e841b19b52bd24701d86e7d5bbdc74391a0d00ed645b0fefec9c78d56c2b72.exe

pid	process
4656	29e841b19b52bd24701d86e7d5bbdc74391a0d00ed645b0fefec9c78d56c2b72.exe
4656	29e841b19b52bd24701d86e7d5bbdc74391a0d00ed645b0fefec9c78d56c2b72.exe
4656	29e841b19b52bd24701d86e7d5bbdc74391a0d00ed645b0fefec9c78d56c2b72.exe
4656	29e841b19b52bd24701d86e7d5bbdc74391a0d00ed645b0fefec9c78d56c2b72.exe
4656	29e841b19b52bd24701d86e7d5bbdc74391a0d00ed645b0fefec9c78d56c2b72.exe
4656	29e841b19b52bd24701d86e7d5bbdc74391a0d00ed645b0fefec9c78d56c2b72.exe

C:\Users\Admin\AppData\Local\Temp\29e841b19b52bd24701d86e7d5bbdc74391a0d00ed645b0fefec9c78d56c2b72.exe
"C:\Users\Admin\AppData\Local\Temp\29e841b19b52bd24701d86e7d5bbdc74391a0d00ed645b0fefec9c78d56c2b72.exe"
1⤵
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
PID:4656
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4656 -s 1376
  2⤵
  - Program crash
  PID:4284

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 416 -p 4656 -ip 4656
1⤵
PID:4076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads