b5c56cbcfeb38daecb92491907085412a845176693fb5c2a12e0a1d86e676fce

Analysis

max time kernel
133s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2023, 03:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5c56cbcfeb38daecb92491907085412a845176693fb5c2a12e0a1d86e676fce.exe
Size

1.1MB
MD5

d0e92da228ce827afe6541801aa866c7
SHA1

8e476f0dbdc2a4e154cfe012747e6831f7670540
SHA256

b5c56cbcfeb38daecb92491907085412a845176693fb5c2a12e0a1d86e676fce
SHA512

e0f8d7e09348c7f3a35eb178b166bc3f6d5b34a3cb029809137293a0c89040f0cab9afe05f7a4dafc38f6e442c39fbdbaa3d07a7a906851f12a2c7ecab4aff04
SSDEEP

24576:TxkHgKPNrPA37hzHIA6/oR36vln6sYEubnhRgZtnTjDExl6XxIiK6Ze:Tx6frPA37hzHIA6/3UvjhRgZ9TAyxIR6

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
16	ipapi.co
14	api.ipify.org

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2040	3212	WerFault.exe	81

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\BIOS	b5c56cbcfeb38daecb92491907085412a845176693fb5c2a12e0a1d86e676fce.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	b5c56cbcfeb38daecb92491907085412a845176693fb5c2a12e0a1d86e676fce.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3212	b5c56cbcfeb38daecb92491907085412a845176693fb5c2a12e0a1d86e676fce.exe
3212	b5c56cbcfeb38daecb92491907085412a845176693fb5c2a12e0a1d86e676fce.exe
3212	b5c56cbcfeb38daecb92491907085412a845176693fb5c2a12e0a1d86e676fce.exe
3212	b5c56cbcfeb38daecb92491907085412a845176693fb5c2a12e0a1d86e676fce.exe
3212	b5c56cbcfeb38daecb92491907085412a845176693fb5c2a12e0a1d86e676fce.exe
3212	b5c56cbcfeb38daecb92491907085412a845176693fb5c2a12e0a1d86e676fce.exe
3212	b5c56cbcfeb38daecb92491907085412a845176693fb5c2a12e0a1d86e676fce.exe
3212	b5c56cbcfeb38daecb92491907085412a845176693fb5c2a12e0a1d86e676fce.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3212	b5c56cbcfeb38daecb92491907085412a845176693fb5c2a12e0a1d86e676fce.exe

C:\Users\Admin\AppData\Local\Temp\b5c56cbcfeb38daecb92491907085412a845176693fb5c2a12e0a1d86e676fce.exe
"C:\Users\Admin\AppData\Local\Temp\b5c56cbcfeb38daecb92491907085412a845176693fb5c2a12e0a1d86e676fce.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
PID:3212
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 1376
  2⤵
  - Program crash
  PID:2040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3212 -ip 3212
1⤵
PID:344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads