Analysis
- max time kernel: 146s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20230915-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08/10/2023, 20:53
Static task: static1
Behavioral task: behavioral1
- Sample: 753705aec0d5b49d9fd93735d9d45cdcd9429481f403bb6d98056d915532cccf.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: 753705aec0d5b49d9fd93735d9d45cdcd9429481f403bb6d98056d915532cccf.exe
- Resource: win10v2004-20230915-en
General
- Target: 753705aec0d5b49d9fd93735d9d45cdcd9429481f403bb6d98056d915532cccf.exe
- Size: 10.0MB
- MD5: 2131081c6f122df39d929568c4ccb079
- SHA1: bdf28c0da821be84c13b371b4e02f8252bf38644
- SHA256: 753705aec0d5b49d9fd93735d9d45cdcd9429481f403bb6d98056d915532cccf
- SHA512: f86b00ac5b8be41e0100e8f52afa40aa76a4323f63e73c893bdd28a5991f642eea4c7064e45812cf7d8070c27d7e5920c20cf3376701c89c37ac1ee02426657b
- SSDEEP: 196608:fVbwTsOb7j8ydbV3YN3XypC8AtWviK3cCI07wTXxntWaFdOKo9:fV4sAXdp3Q3XKKWNBI7tBW
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Program crash (1 IoCs)
  pid    pid_target    Process         procid_target
  3752   4740          WerFault.exe    85
- Suspicious use of SetWindowsHookEx (4 IoCs)
  pid    Process
  4740   753705aec0d5b49d9fd93735d9d45cdcd9429481f403bb6d98056d915532cccf.exe
  4740   753705aec0d5b49d9fd93735d9d45cdcd9429481f403bb6d98056d915532cccf.exe
  4740   753705aec0d5b49d9fd93735d9d45cdcd9429481f403bb6d98056d915532cccf.exe
  4740   753705aec0d5b49d9fd93735d9d45cdcd9429481f403bb6d98056d915532cccf.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\753705aec0d5b49d9fd93735d9d45cdcd9429481f403bb6d98056d915532cccf.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\753705aec0d5b49d9fd93735d9d45cdcd9429481f403bb6d98056d915532cccf.exe"
  PID: 4740
  - Suspicious use of SetWindowsHookEx
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 2948
    PID: 3752
    - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4740 -ip 4740
  PID: 4968
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 1KB
  MD5: 925f83f303b7ace15211b4064cc2e0b6
  SHA1: 60014a0e02ad8b5e926566b8e91449eeba7e7091
  SHA256: 3034da7fb2ccf8084d159a9a423bd7eac28c08238f11fb67aa06514a465332bd
  SHA512: c43dbe529f6d008ea9df48e70d38b803213b1b4934c65cb8abce5a0a7638643117e69413bcb4e87fd367ee0dd4fb77ecc757439cc2002f97b866cf29a8c27cf6
- Filesize: 1KB
  MD5: a971b06a6ee40fef3bb35802ab6a392b
  SHA1: ec53957c415c8fc644a3c8b98f4a0d9eb2010148
  SHA256: f5655344644b192dd6823db1482b2f31df4e3d11d815ae9b8302d6d55b6ac34d
  SHA512: 4cd5a79681829064fdade4b6c3f77a27bf58b3fdf52575bdcec64ad892e4151de96cbbec3c2ee1de9e12b5ff35a53fead25786916be8a81c6fe2ebb15a5cc1b2
- C:\Users\Admin\AppData\Local\Temp\753705aec0d5b49d9fd93735d9d45cdcd9429481f403bb6d98056d915532cccf.exepack.tmp
  Filesize: 2KB
  MD5: 4156ed8445cb964e4d3d10234396e4d7
  SHA1: f8de86fc5eb1097164d8596f8d81f9f90c294097
  SHA256: d2ce4c3b3e18f0e4c46098495ae5d693e655c5ed7eb170b4c75b2c471331cdce
  SHA512: a5c2e913bda1b2aac5cd58c0b91cdc33cfd857abb7b4a636214fd325c80e46e43006ced5c18076d8ffeabd15dfc25073ab04e38cd1e074a9614b704e2142e4dc