84d2c8e6db93c24f62f130f5005ce911bfc3c06ae4347269d12d30f86c107e11

General

Target

84d2c8e6db93c24f62f130f5005ce911bfc3c06ae4347269d12d30f86c107e11.exe
Size

1.2MB
MD5

489d3eb55c0d29c8515550d3a0276fb0
SHA1

f4b25f271eb615e5ad2104e71f7cb7466fa86650
SHA256

84d2c8e6db93c24f62f130f5005ce911bfc3c06ae4347269d12d30f86c107e11
SHA512

cb88d31503b5cdb0013597fef72e671c6dca5f67bd5a53b7bb289c397413b1890c111db822667086a2d0a9c448846dc87d50680388f1bc4a4abec1eadf32452a
SSDEEP

12288:V1zO7bsk22wWuAn30pO2vB0gsSYKlQlxuNor/a/GFTgqdpQbahVE4Gy8YI:V1zESNi30pO2vB0gsSfs4ogq5hVr8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1896	50YFE3YiAeZRCGRgC.exe

Loads dropped DLL 6 IoCs

pid	Process
1896	50YFE3YiAeZRCGRgC.exe
2032	WerFault.exe
2032	WerFault.exe
2032	WerFault.exe
2032	WerFault.exe
2032	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2032	1896	WerFault.exe	28

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 1896	2208	84d2c8e6db93c24f62f130f5005ce911bfc3c06ae4347269d12d30f86c107e11.exe	28
PID 2208 wrote to memory of 1896	2208	84d2c8e6db93c24f62f130f5005ce911bfc3c06ae4347269d12d30f86c107e11.exe	28
PID 2208 wrote to memory of 1896	2208	84d2c8e6db93c24f62f130f5005ce911bfc3c06ae4347269d12d30f86c107e11.exe	28
PID 2208 wrote to memory of 1896	2208	84d2c8e6db93c24f62f130f5005ce911bfc3c06ae4347269d12d30f86c107e11.exe	28
PID 1896 wrote to memory of 2032	1896	50YFE3YiAeZRCGRgC.exe	29
PID 1896 wrote to memory of 2032	1896	50YFE3YiAeZRCGRgC.exe	29
PID 1896 wrote to memory of 2032	1896	50YFE3YiAeZRCGRgC.exe	29
PID 1896 wrote to memory of 2032	1896	50YFE3YiAeZRCGRgC.exe	29

C:\Users\Admin\AppData\Local\Temp\84d2c8e6db93c24f62f130f5005ce911bfc3c06ae4347269d12d30f86c107e11.exe
"C:\Users\Admin\AppData\Local\Temp\84d2c8e6db93c24f62f130f5005ce911bfc3c06ae4347269d12d30f86c107e11.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Users\Admin\AppData\Roaming\3B4xR7qrF1XzIRKpYa37\50YFE3YiAeZRCGRgC.exe
  C:\Users\Admin\AppData\Roaming\3B4xR7qrF1XzIRKpYa37\50YFE3YiAeZRCGRgC.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1896
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\3B4xR7qrF1XzIRKpYa37\50YFE3YiAeZRCGRgC.exe

Filesize
464KB

MD5
8fb40825d6a7ab6615807dbda6c62a62

SHA1
77c2a29b457dcb392f1ae1aa4d82cee152629f35

SHA256
245bf5a58ec5d3dcc34c3d8ecb1dfa996aaff66c26a74eae76c80aacc93e54d1

SHA512
1f0b7d2ceb14cecde1dab2310ad42d882804b20930a4e686619d3f6ea86466bbe79b9eabff0e0f513c85dadd16eed22f39cd8f1cedc3763a6900ed59e126ac6b

Download Submit
C:\Users\Admin\AppData\Roaming\3B4xR7qrF1XzIRKpYa37\Rainmeter.dll

Filesize
472KB

MD5
f9c51efdcc1a659ce751927b1cd247ed

SHA1
0762d2ea24713c8d6ab55e5c258d139869c01f9f

SHA256
fcf1fdf15a9e2d923bc648d7d1c62687417cdbd293aebaf4f8114f45d5e9ddd1

SHA512
5048d2eac5641ad94b4ef65c5b40942f3620ed1bdfc6ac9b6385c7620b697ed364286b3dc57768dd0881d921042b9d42ed5182a02ad23d27c6f860f1a41d3026

Download Submit
\Users\Admin\AppData\Roaming\3B4xR7qrF1XzIRKpYa37\50YFE3YiAeZRCGRgC.exe

Filesize
464KB

MD5
8fb40825d6a7ab6615807dbda6c62a62

SHA1
77c2a29b457dcb392f1ae1aa4d82cee152629f35

SHA256
245bf5a58ec5d3dcc34c3d8ecb1dfa996aaff66c26a74eae76c80aacc93e54d1

SHA512
1f0b7d2ceb14cecde1dab2310ad42d882804b20930a4e686619d3f6ea86466bbe79b9eabff0e0f513c85dadd16eed22f39cd8f1cedc3763a6900ed59e126ac6b

Download Submit
\Users\Admin\AppData\Roaming\3B4xR7qrF1XzIRKpYa37\50YFE3YiAeZRCGRgC.exe

Filesize
464KB

MD5
8fb40825d6a7ab6615807dbda6c62a62

SHA1
77c2a29b457dcb392f1ae1aa4d82cee152629f35

SHA256
245bf5a58ec5d3dcc34c3d8ecb1dfa996aaff66c26a74eae76c80aacc93e54d1

SHA512
1f0b7d2ceb14cecde1dab2310ad42d882804b20930a4e686619d3f6ea86466bbe79b9eabff0e0f513c85dadd16eed22f39cd8f1cedc3763a6900ed59e126ac6b

Download Submit
\Users\Admin\AppData\Roaming\3B4xR7qrF1XzIRKpYa37\50YFE3YiAeZRCGRgC.exe

Filesize
464KB

MD5
8fb40825d6a7ab6615807dbda6c62a62

SHA1
77c2a29b457dcb392f1ae1aa4d82cee152629f35

SHA256
245bf5a58ec5d3dcc34c3d8ecb1dfa996aaff66c26a74eae76c80aacc93e54d1

SHA512
1f0b7d2ceb14cecde1dab2310ad42d882804b20930a4e686619d3f6ea86466bbe79b9eabff0e0f513c85dadd16eed22f39cd8f1cedc3763a6900ed59e126ac6b

Download Submit
\Users\Admin\AppData\Roaming\3B4xR7qrF1XzIRKpYa37\50YFE3YiAeZRCGRgC.exe

Filesize
464KB

MD5
8fb40825d6a7ab6615807dbda6c62a62

SHA1
77c2a29b457dcb392f1ae1aa4d82cee152629f35

SHA256
245bf5a58ec5d3dcc34c3d8ecb1dfa996aaff66c26a74eae76c80aacc93e54d1

SHA512
1f0b7d2ceb14cecde1dab2310ad42d882804b20930a4e686619d3f6ea86466bbe79b9eabff0e0f513c85dadd16eed22f39cd8f1cedc3763a6900ed59e126ac6b

Download Submit
\Users\Admin\AppData\Roaming\3B4xR7qrF1XzIRKpYa37\50YFE3YiAeZRCGRgC.exe

Filesize
464KB

MD5
8fb40825d6a7ab6615807dbda6c62a62

SHA1
77c2a29b457dcb392f1ae1aa4d82cee152629f35

SHA256
245bf5a58ec5d3dcc34c3d8ecb1dfa996aaff66c26a74eae76c80aacc93e54d1

SHA512
1f0b7d2ceb14cecde1dab2310ad42d882804b20930a4e686619d3f6ea86466bbe79b9eabff0e0f513c85dadd16eed22f39cd8f1cedc3763a6900ed59e126ac6b

Download Submit
\Users\Admin\AppData\Roaming\3B4xR7qrF1XzIRKpYa37\Rainmeter.dll

Filesize
472KB

MD5
f9c51efdcc1a659ce751927b1cd247ed

SHA1
0762d2ea24713c8d6ab55e5c258d139869c01f9f

SHA256
fcf1fdf15a9e2d923bc648d7d1c62687417cdbd293aebaf4f8114f45d5e9ddd1

SHA512
5048d2eac5641ad94b4ef65c5b40942f3620ed1bdfc6ac9b6385c7620b697ed364286b3dc57768dd0881d921042b9d42ed5182a02ad23d27c6f860f1a41d3026

Download Submit
memory/1896-8-0x0000000010000000-0x00000000100E9000-memory.dmp

Filesize
932KB

Download
memory/1896-14-0x0000000010000000-0x00000000100E9000-memory.dmp

Filesize
932KB

Download
memory/1896-13-0x0000000010000000-0x00000000100E9000-memory.dmp

Filesize
932KB

Download
memory/1896-11-0x0000000010000000-0x00000000100E9000-memory.dmp

Filesize
932KB

Download
memory/1896-12-0x0000000010000000-0x00000000100E9000-memory.dmp

Filesize
932KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads