Analysis

  • max time kernel
    166s
  • max time network
    179s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/10/2023, 08:50

General

  • Target

    87a84b3c067e8f91e9d40dfd9271f007cbd2b23d46881ad85623a418fc7ed470.exe

  • Size

    1.3MB

  • MD5

    d35fd3d3358aef896a156e3e6e5d84cd

  • SHA1

    e8b14b7e8fe33099300601efdf69d74a30b1dc95

  • SHA256

    87a84b3c067e8f91e9d40dfd9271f007cbd2b23d46881ad85623a418fc7ed470

  • SHA512

    522de285c5d3eb441d7a8bceeb041163a8a6e5f258cba4f409ee5c13edc274846a3ee016065f30cc52867e2eb51559ed63cfdb9cf8b2e5a7d6d5d71dd784df32

  • SSDEEP

    24576:UcvaDKBaZSeA/+RvgswfkNoKUCuO5az/rhPV52oE:U1Q2RgkNo7Fz/VPVG

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\87a84b3c067e8f91e9d40dfd9271f007cbd2b23d46881ad85623a418fc7ed470.exe
    "C:\Users\Admin\AppData\Local\Temp\87a84b3c067e8f91e9d40dfd9271f007cbd2b23d46881ad85623a418fc7ed470.exe"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1268
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 744
      2⤵
      • Program crash
      PID:3636
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 1916
      2⤵
      • Program crash
      PID:2384
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1268 -ip 1268
    1⤵
      PID:3288
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1268 -ip 1268
      1⤵
        PID:2444

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Jnns.Config

    Filesize

    1KB

    MD5

    a856278c58307ab4ea439594420e5430

    SHA1

    a54dafa4c6e19bfa89654a1e58ad5b202f1726ef

    SHA256

    5ffcedcb587f73bd26192b846c654ac04b6d1c536233524e76eef8bf1005e2ad

    SHA512

    c2fcc19de229ec466c46f08ea300a92f36e8d29ddd51503c837cdc2d04f7c811279eb8ba548729c4a8ce68ce4ded2bcc6936c9c7832bd719dc5c336205bd9c34

  • C:\Users\Admin\AppData\Local\Temp\Jnns.Config

    Filesize

    2KB

    MD5

    fec603b7eb5202242bf1d1d6e651cec8

    SHA1

    8709162e897230da237842e1789f9fe741d91713

    SHA256

    d6f77660b9ceeefea591dc59a9918e278b2e265dec97a7edd7b2ca5120bd4753

    SHA512

    6997df7b1a1d8ee5a6a2ca5a472be3e80d89aab3acd13db2bac2cbf53bc6243a1707f730b9c25d1f54d489e1e4b43890db2252b9081796c468adda2dc3e3805c
