dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61

Analysis

max time kernel
122s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
31/08/2023, 20:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe
Size

14.5MB
MD5

9cae22eaa31aee209e7b87b30d794dc1
SHA1

3d3d25b31112c57c461cd86dca13b810d2d074bc
SHA256

dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61
SHA512

0fcb803806754d6c327d70fbd09fa36f21b35db4a0d92daf051079c0a254c3d685984e6724af65001cc0fe4c2428c17e76989818ca671d18e65d0ac2ea6b3491
SSDEEP

196608:QEbzn1yKTsy0LScY2q6mHx96bYPKwrh62OfQybhXldXPGRD1BH/pQMQ75bjMFUv5:Hroxe/HblJk/rfdXUZBHRqxjMu5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
5056	3832	WerFault.exe	82
5012	3832	WerFault.exe	82

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3832	dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe
3832	dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe
3832	dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe
3832	dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe

C:\Users\Admin\AppData\Local\Temp\dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe
"C:\Users\Admin\AppData\Local\Temp\dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3832
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 2592
  2⤵
  - Program crash
  PID:5056
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 2644
  2⤵
  - Program crash
  PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3832 -ip 3832
1⤵
PID:244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3832 -ip 3832
1⤵
PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\654022247072d1c03e42e4190083f592.ini

Filesize
1KB

MD5
460edb3be4690a551a2e97a1f026296e

SHA1
6096ed3d0a5e23a3dec5de52550ae80a36169466

SHA256
f330798eaa2c2649f427659b980aa783bc6a4e520439f56ea0aeabd157832899

SHA512
9c8f7fe2206dccadbca13777847e39b421f4a1ca1cec93ba9546699686549b085f527c369990037e775f71526a9ccc21e67139df18316173444a82e66366a076

Download Submit
C:\Users\Admin\AppData\Local\Temp\654022247072d1c03e42e4190083f592A.ini

Filesize
1KB

MD5
cf049b6db1cbb0f698d9783da8ad96a9

SHA1
81ab2ea386088527bd39313d78e3b78dbb2dc08a

SHA256
bfd71ffc559cb943f51319fa86239bae1530ae732312dd3449c703b36904e018

SHA512
97a643553ab27df98873ba6939b24eab0fe68d8be912dcdab56bbeac57f799779d7bea1b0bb82d1c57e28436d6fa537376d0fac46b465ba0fc209befa12a78f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exepack.tmp

Filesize
1KB

MD5
636504ddac5db4edc3904aba1eadccdd

SHA1
fe739b7ce6299a7aa41faf949bdacaf090454c6a

SHA256
b40ac9ab8bb8856e0748e98d09625880494afb2a9af8c4bafb94dfefa7be3acf

SHA512
b01956640134472f6dbf70275d8f9a18040f8400bf23a3b96ed6f41d916ec60a780a999c1120b994b9d5161b18c90a66117af6ab7a274c64804dd591c3cbfa20

Download Submit
memory/3832-0-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/3832-1-0x0000000001F80000-0x0000000001F83000-memory.dmp

Filesize
12KB

Download
memory/3832-2-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/3832-319-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/3832-321-0x0000000001F80000-0x0000000001F83000-memory.dmp

Filesize
12KB

Download
memory/3832-322-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download