f283c5361a9de52e07bd7260fc76a9768cb4ebc71fa247e0c313d064a7fcaa7a

Analysis

max time kernel
130s
max time network
133s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
17/08/2023, 09:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Electron/Electron.exe
Size

3.9MB
MD5

28564f4fbb6558373cbb82469ef2587d
SHA1

2c8f089df7a8d2dfce7c4c29af2db6eda5940d80
SHA256

e9f944ab296bcaa235eb584d6b7fa2811fc1a0f3bc2596a99675cdd114cdfcf5
SHA512

5e1df4736aaa9008ac7922a242ec15fb6644b90973880c378182f11d14834b431ead370684f1abf7c93dcdb3f1518f068a9c8bc459e4572ce19c8178374b7021
SSDEEP

98304:xkKnhd6yuxhRsHHfrIHj8yBzAziXOhhFa:mEhoyuEHcjJBzAzJhhFa

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2964	Electron.exe
2964	Electron.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2964	Electron.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2916	2964	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2964	Electron.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 2916	2964	Electron.exe	28
PID 2964 wrote to memory of 2916	2964	Electron.exe	28
PID 2964 wrote to memory of 2916	2964	Electron.exe	28
PID 2964 wrote to memory of 2916	2964	Electron.exe	28

C:\Users\Admin\AppData\Local\Temp\Electron\Electron.exe
"C:\Users\Admin\AppData\Local\Temp\Electron\Electron.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 2744
  2⤵
  - Program crash
  PID:2916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\Electron\Microsoft.Web.WebView2.Core.dll

Filesize
418KB

MD5
f342d254fdd33e76b2fd6a3f8b517de3

SHA1
79c91621ea96a6635e3934e9b46dcf23d1fc762e

SHA256
8ccde337ed97230a54e20db8608e3e74e6dbe3f4d153846a07484c2fa5ae596a

SHA512
618963615db38d9ead4855555e7ca7558b0f3c9cc425a950e3f3457d49a5b50645fc9718a0693398d07bc1d822067e9fd8289d45f889586884daf25aedeb6cba

Download Submit
\Users\Admin\AppData\Local\Temp\Electron\Microsoft.Web.WebView2.Core.dll

Filesize
418KB

MD5
f342d254fdd33e76b2fd6a3f8b517de3

SHA1
79c91621ea96a6635e3934e9b46dcf23d1fc762e

SHA256
8ccde337ed97230a54e20db8608e3e74e6dbe3f4d153846a07484c2fa5ae596a

SHA512
618963615db38d9ead4855555e7ca7558b0f3c9cc425a950e3f3457d49a5b50645fc9718a0693398d07bc1d822067e9fd8289d45f889586884daf25aedeb6cba

Download Submit
memory/2964-74-0x00000000052D0000-0x000000000541A000-memory.dmp

Filesize
1.3MB

Download
memory/2964-87-0x0000000076690000-0x00000000767A0000-memory.dmp

Filesize
1.1MB

Download
memory/2964-57-0x0000000076690000-0x00000000767A0000-memory.dmp

Filesize
1.1MB

Download
memory/2964-58-0x0000000076690000-0x00000000767A0000-memory.dmp

Filesize
1.1MB

Download
memory/2964-59-0x0000000076690000-0x00000000767A0000-memory.dmp

Filesize
1.1MB

Download
memory/2964-66-0x0000000076690000-0x00000000767A0000-memory.dmp

Filesize
1.1MB

Download
memory/2964-69-0x0000000077760000-0x0000000077762000-memory.dmp

Filesize
8KB

Download
memory/2964-67-0x0000000076690000-0x00000000767A0000-memory.dmp

Filesize
1.1MB

Download
memory/2964-73-0x0000000001140000-0x0000000001B4C000-memory.dmp

Filesize
10.0MB

Download
memory/2964-72-0x0000000001140000-0x0000000001B4C000-memory.dmp

Filesize
10.0MB

Download
memory/2964-53-0x0000000001140000-0x0000000001B4C000-memory.dmp

Filesize
10.0MB

Download
memory/2964-75-0x0000000000460000-0x000000000046A000-memory.dmp

Filesize
40KB

Download
memory/2964-56-0x0000000076C30000-0x0000000076C77000-memory.dmp

Filesize
284KB

Download
memory/2964-55-0x0000000076690000-0x00000000767A0000-memory.dmp

Filesize
1.1MB

Download
memory/2964-76-0x0000000000460000-0x000000000046A000-memory.dmp

Filesize
40KB

Download
memory/2964-54-0x0000000076690000-0x00000000767A0000-memory.dmp

Filesize
1.1MB

Download
memory/2964-81-0x0000000005B90000-0x0000000005BFC000-memory.dmp

Filesize
432KB

Download
memory/2964-83-0x0000000000E00000-0x0000000000E10000-memory.dmp

Filesize
64KB

Download
memory/2964-84-0x0000000001140000-0x0000000001B4C000-memory.dmp

Filesize
10.0MB

Download
memory/2964-85-0x0000000076690000-0x00000000767A0000-memory.dmp

Filesize
1.1MB

Download
memory/2964-86-0x0000000076C30000-0x0000000076C77000-memory.dmp

Filesize
284KB

Download
memory/2964-77-0x00000000054B0000-0x00000000054F0000-memory.dmp

Filesize
256KB

Download
memory/2964-89-0x0000000000460000-0x000000000046A000-memory.dmp

Filesize
40KB

Download
memory/2964-90-0x0000000000460000-0x000000000046A000-memory.dmp

Filesize
40KB

Download
memory/2964-91-0x00000000054B0000-0x00000000054F0000-memory.dmp

Filesize
256KB

Download