753705aec0d5b49d9fd93735d9d45cdcd9429481f403bb6d98056d915532cccf

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
08/10/2023, 20:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

753705aec0d5b49d9fd93735d9d45cdcd9429481f403bb6d98056d915532cccf.exe
Size

10.0MB
MD5

2131081c6f122df39d929568c4ccb079
SHA1

bdf28c0da821be84c13b371b4e02f8252bf38644
SHA256

753705aec0d5b49d9fd93735d9d45cdcd9429481f403bb6d98056d915532cccf
SHA512

f86b00ac5b8be41e0100e8f52afa40aa76a4323f63e73c893bdd28a5991f642eea4c7064e45812cf7d8070c27d7e5920c20cf3376701c89c37ac1ee02426657b
SSDEEP

196608:fVbwTsOb7j8ydbV3YN3XypC8AtWviK3cCI07wTXxntWaFdOKo9:fV4sAXdp3Q3XKKWNBI7tBW

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3752	4740	WerFault.exe	85

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4740	753705aec0d5b49d9fd93735d9d45cdcd9429481f403bb6d98056d915532cccf.exe
4740	753705aec0d5b49d9fd93735d9d45cdcd9429481f403bb6d98056d915532cccf.exe
4740	753705aec0d5b49d9fd93735d9d45cdcd9429481f403bb6d98056d915532cccf.exe
4740	753705aec0d5b49d9fd93735d9d45cdcd9429481f403bb6d98056d915532cccf.exe

C:\Users\Admin\AppData\Local\Temp\753705aec0d5b49d9fd93735d9d45cdcd9429481f403bb6d98056d915532cccf.exe
"C:\Users\Admin\AppData\Local\Temp\753705aec0d5b49d9fd93735d9d45cdcd9429481f403bb6d98056d915532cccf.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4740
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 2948
  2⤵
  - Program crash
  PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4740 -ip 4740
1⤵
PID:4968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0d6c8940bb0ee06730d3ac69f330f4e7.ini

Filesize
1KB

MD5
925f83f303b7ace15211b4064cc2e0b6

SHA1
60014a0e02ad8b5e926566b8e91449eeba7e7091

SHA256
3034da7fb2ccf8084d159a9a423bd7eac28c08238f11fb67aa06514a465332bd

SHA512
c43dbe529f6d008ea9df48e70d38b803213b1b4934c65cb8abce5a0a7638643117e69413bcb4e87fd367ee0dd4fb77ecc757439cc2002f97b866cf29a8c27cf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\0d6c8940bb0ee06730d3ac69f330f4e7A.ini

Filesize
1KB

MD5
a971b06a6ee40fef3bb35802ab6a392b

SHA1
ec53957c415c8fc644a3c8b98f4a0d9eb2010148

SHA256
f5655344644b192dd6823db1482b2f31df4e3d11d815ae9b8302d6d55b6ac34d

SHA512
4cd5a79681829064fdade4b6c3f77a27bf58b3fdf52575bdcec64ad892e4151de96cbbec3c2ee1de9e12b5ff35a53fead25786916be8a81c6fe2ebb15a5cc1b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\753705aec0d5b49d9fd93735d9d45cdcd9429481f403bb6d98056d915532cccf.exepack.tmp

Filesize
2KB

MD5
4156ed8445cb964e4d3d10234396e4d7

SHA1
f8de86fc5eb1097164d8596f8d81f9f90c294097

SHA256
d2ce4c3b3e18f0e4c46098495ae5d693e655c5ed7eb170b4c75b2c471331cdce

SHA512
a5c2e913bda1b2aac5cd58c0b91cdc33cfd857abb7b4a636214fd325c80e46e43006ced5c18076d8ffeabd15dfc25073ab04e38cd1e074a9614b704e2142e4dc

Download Submit
memory/4740-0-0x0000000000400000-0x0000000001D05000-memory.dmp

Filesize
25.0MB

Download
memory/4740-1-0x0000000001E10000-0x0000000001E13000-memory.dmp

Filesize
12KB

Download
memory/4740-2-0x0000000000400000-0x0000000001D05000-memory.dmp

Filesize
25.0MB

Download
memory/4740-351-0x0000000000400000-0x0000000001D05000-memory.dmp

Filesize
25.0MB

Download
memory/4740-356-0x0000000001E10000-0x0000000001E13000-memory.dmp

Filesize
12KB

Download
memory/4740-365-0x0000000000400000-0x0000000001D05000-memory.dmp

Filesize
25.0MB

Download
memory/4740-371-0x0000000000400000-0x0000000001D05000-memory.dmp

Filesize
25.0MB

Download