Overview

overview

3

Static

static

3

b84410aac7...d5.exe

windows7-x64

1

b84410aac7...d5.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/10/2023, 20:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b84410aac704138ccc7bf9c65c90722bc284b4b0bd2a1082f6c48e7f68c12dd5.exe

  • Size

    1.0MB

  • MD5

    bef60865194e5ce13d82b5fea28904a9

  • SHA1

    100cad287dba6c2860e8579d4f24f1562365a407

  • SHA256

    b84410aac704138ccc7bf9c65c90722bc284b4b0bd2a1082f6c48e7f68c12dd5

  • SHA512

    98338495f3cd8592532a3f9c130f80b556122f5e94168585ee477b89a862e1dfa92ee45172a856caeb455a9912ac2877949ba6c7b897170471ec44c54c857713

  • SSDEEP

    24576:nPgBdM6kUzfikRvfts7qSA+8aPCf17C7BUJbXajCJAAJquxsbO:nPgZzdf5CCNyC2oquM

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b84410aac704138ccc7bf9c65c90722bc284b4b0bd2a1082f6c48e7f68c12dd5.exe
    "C:\Users\Admin\AppData\Local\Temp\b84410aac704138ccc7bf9c65c90722bc284b4b0bd2a1082f6c48e7f68c12dd5.exe"
    1⤵
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of WriteProcessMemory
    PID:4604
    • C:\Windows\SYSTEM32\WerFault.exe
      WerFault
      2⤵
        PID:4992

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4604-0-0x0000000002460000-0x0000000002461000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4604-9-0x0000000002460000-0x0000000002461000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4604-10-0x00007FFD24EF0000-0x00007FFD250E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4604-12-0x0000000000400000-0x000000000051D000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/4992-11-0x00000260562A0000-0x00000260562A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4992-13-0x0000026056B90000-0x0000026057B1B000-memory.dmp

      Filesize

      15.5MB

      Download

    • memory/4992-16-0x000002605A1E0000-0x000002605B1DA000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/4992-15-0x000002605A1E0000-0x000002605B1DA000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/4992-17-0x000002605A1E0000-0x000002605B1DA000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/4992-18-0x000002605A1E0000-0x000002605B1DA000-memory.dmp

      Filesize

      16.0MB

      Download