09e90cacd09df6db35ebe3a85e9d3ae1b72ce498459ae263b4ec042198fb2ca5

Analysis

max time kernel
142s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2023, 20:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

09e90cacd09df6db35ebe3a85e9d3ae1b72ce498459ae263b4ec042198fb2ca5.exe
Size

15.4MB
MD5

2026847e0c407cf2c5cd749f05a5fa03
SHA1

e0d998352aa9b223f509b81110e01df5b84ba92c
SHA256

09e90cacd09df6db35ebe3a85e9d3ae1b72ce498459ae263b4ec042198fb2ca5
SHA512

2388e32bbcf3509f370176399210080327f1a68df7236b10564d052e7a81f883c234553616ed0689481a75d1088faa1260317b8244180b02ffbc715bf43daac4
SSDEEP

393216:Gj0TmcKNHLkOxRfaGyqS1ob3l9ePopZAf6tCGoTgsI:GjmmcKNAgQGyj1ob19eLf6ck

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3676	440	WerFault.exe	82

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
440	09e90cacd09df6db35ebe3a85e9d3ae1b72ce498459ae263b4ec042198fb2ca5.exe
440	09e90cacd09df6db35ebe3a85e9d3ae1b72ce498459ae263b4ec042198fb2ca5.exe
440	09e90cacd09df6db35ebe3a85e9d3ae1b72ce498459ae263b4ec042198fb2ca5.exe
440	09e90cacd09df6db35ebe3a85e9d3ae1b72ce498459ae263b4ec042198fb2ca5.exe

C:\Users\Admin\AppData\Local\Temp\09e90cacd09df6db35ebe3a85e9d3ae1b72ce498459ae263b4ec042198fb2ca5.exe
"C:\Users\Admin\AppData\Local\Temp\09e90cacd09df6db35ebe3a85e9d3ae1b72ce498459ae263b4ec042198fb2ca5.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:440
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 440 -s 2564
  2⤵
  - Program crash
  PID:3676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 440 -ip 440
1⤵
PID:4232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\09e90cacd09df6db35ebe3a85e9d3ae1b72ce498459ae263b4ec042198fb2ca5.exepack.tmp

Filesize
2KB

MD5
814ac4d365041b4a44189a06f5fcc3be

SHA1
0a3809ae56fc40a837521efc5e26caf974e4c616

SHA256
6c557d45870a330a766a29d6a6f94775c303d7c9d6b1e6afc36bd63541ff4c0c

SHA512
68b5dde03e0cfcac463c884b5fdc0974a2060f4cfd1ea7337e481699cc28367a9b3a25e4ddcdf0bc7fc79cded415e6e1db26d40e30b141073e80a2f76cec5f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\ed8be0ff3c6dbcd03900cece9eea51d9.ini

Filesize
1KB

MD5
ed4e4d16139e218bc53ff085403ce5ab

SHA1
a08b551266f1c6f95c91d6e787e98fd0ddef49b4

SHA256
4457bbdc151cd5ae31595b64dab05d78d632221174bf6dd964db2d4f1195d290

SHA512
9ed7940f4da52c1e5ac17970e1471e417931ccfc02cd5dead0a04cf0bbd40757aafb628426e8fc4bf058b1e767d3cfb15c8da765e4e1c8d3c218417c38ec2f65

Download Submit
C:\Users\Admin\AppData\Local\Temp\ed8be0ff3c6dbcd03900cece9eea51d9A.ini

Filesize
1KB

MD5
1b70cd4263d0a8895508e29b6f9345a1

SHA1
26831620e8f1adbf7977edb265b8060ee60b2e86

SHA256
0966f13fa9b1bfbb6bc5952f66a1d9c48b38d7e5c21261f5b5e9a6a6c41f4441

SHA512
a8ef5f22b88e67775b779ea1bd47d5d035467c9018ad2cbc9121dd26580dd0822461b1e08006053aa58ab019db954b826d72825c2c6701e4ec5cdf4fbc4d5f60

Download Submit
memory/440-133-0x0000000000400000-0x0000000001DFC000-memory.dmp

Filesize
26.0MB

Download
memory/440-134-0x0000000002280000-0x0000000002283000-memory.dmp

Filesize
12KB

Download
memory/440-135-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/440-481-0x0000000000400000-0x0000000001DFC000-memory.dmp

Filesize
26.0MB

Download
memory/440-482-0x0000000002280000-0x0000000002283000-memory.dmp

Filesize
12KB

Download
memory/440-486-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/440-487-0x0000000000400000-0x0000000001DFC000-memory.dmp

Filesize
26.0MB

Download