12c04eccd804bd036bcf48c982e3e112db3653cb2d27e7be50cdfb13632d5f4e

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 14:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

88ad02e3615b8d827699ecfc299e30e3.exe
Size

5.9MB
MD5

88ad02e3615b8d827699ecfc299e30e3
SHA1

dca167918adcf1b5c69fba1b529615355d41478c
SHA256

12c04eccd804bd036bcf48c982e3e112db3653cb2d27e7be50cdfb13632d5f4e
SHA512

a069a17485cf297081fbea4294c6dce52856f853e3ff64551e2f687401917bc22f2239d5a7fa258b55dffe421ac0d918d21b0762fbd7c22d285a1b01944a1b0c
SSDEEP

98304:xTOo5aLcJCkaHEGMFOse0lVIx+3z+mFX2SQngZShdkONdzow3hu/vADK0gnexQEA:J5E2XrG2Os7Vw+3Z2F3vlnow34/IG9ec

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2900	WebBrowser2.exe

Loads dropped DLL 9 IoCs

pid	Process
2240	88ad02e3615b8d827699ecfc299e30e3.exe
2240	88ad02e3615b8d827699ecfc299e30e3.exe
2240	88ad02e3615b8d827699ecfc299e30e3.exe
2240	88ad02e3615b8d827699ecfc299e30e3.exe
2684	WerFault.exe
2684	WerFault.exe
2684	WerFault.exe
2684	WerFault.exe
2684	WerFault.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2684	2900	WerFault.exe	28

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2900	2240	88ad02e3615b8d827699ecfc299e30e3.exe	28
PID 2240 wrote to memory of 2900	2240	88ad02e3615b8d827699ecfc299e30e3.exe	28
PID 2240 wrote to memory of 2900	2240	88ad02e3615b8d827699ecfc299e30e3.exe	28
PID 2240 wrote to memory of 2900	2240	88ad02e3615b8d827699ecfc299e30e3.exe	28
PID 2900 wrote to memory of 2684	2900	WebBrowser2.exe	29
PID 2900 wrote to memory of 2684	2900	WebBrowser2.exe	29
PID 2900 wrote to memory of 2684	2900	WebBrowser2.exe	29
PID 2900 wrote to memory of 2684	2900	WebBrowser2.exe	29

C:\Users\Admin\AppData\Local\Temp\88ad02e3615b8d827699ecfc299e30e3.exe
"C:\Users\Admin\AppData\Local\Temp\88ad02e3615b8d827699ecfc299e30e3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Users\Admin\AppData\Local\Temp\WebBrowser2.exe
  "C:\Users\Admin\AppData\Local\Temp\WebBrowser2.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2900
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 128
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\WebBrowser2.exe

Filesize
103.5MB

MD5
0627fe8b292018c58a1bb7b35034fa42

SHA1
6ab80265d56b0b87f385c13711b2107d003c958b

SHA256
0ba8321010d59e010d170c60940a5f9b047a4cb0bae412510963245336d4e919

SHA512
453c4b80a0ed0b656a9f9760a990086b94077097fad5ea08cfc3dbd0aa2c61e9fe7060d286705ebaf077699ca1e2927540eba1571365866da41d15d5bf9bc7b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\WebBrowser2.exe

Filesize
103.5MB

MD5
0627fe8b292018c58a1bb7b35034fa42

SHA1
6ab80265d56b0b87f385c13711b2107d003c958b

SHA256
0ba8321010d59e010d170c60940a5f9b047a4cb0bae412510963245336d4e919

SHA512
453c4b80a0ed0b656a9f9760a990086b94077097fad5ea08cfc3dbd0aa2c61e9fe7060d286705ebaf077699ca1e2927540eba1571365866da41d15d5bf9bc7b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\WebBrowser2.exe

Filesize
103.5MB

MD5
0627fe8b292018c58a1bb7b35034fa42

SHA1
6ab80265d56b0b87f385c13711b2107d003c958b

SHA256
0ba8321010d59e010d170c60940a5f9b047a4cb0bae412510963245336d4e919

SHA512
453c4b80a0ed0b656a9f9760a990086b94077097fad5ea08cfc3dbd0aa2c61e9fe7060d286705ebaf077699ca1e2927540eba1571365866da41d15d5bf9bc7b5

Download Submit
\Users\Admin\AppData\Local\Temp\WebBrowser2.exe

Filesize
103.5MB

MD5
0627fe8b292018c58a1bb7b35034fa42

SHA1
6ab80265d56b0b87f385c13711b2107d003c958b

SHA256
0ba8321010d59e010d170c60940a5f9b047a4cb0bae412510963245336d4e919

SHA512
453c4b80a0ed0b656a9f9760a990086b94077097fad5ea08cfc3dbd0aa2c61e9fe7060d286705ebaf077699ca1e2927540eba1571365866da41d15d5bf9bc7b5

Download Submit
\Users\Admin\AppData\Local\Temp\WebBrowser2.exe

Filesize
103.5MB

MD5
0627fe8b292018c58a1bb7b35034fa42

SHA1
6ab80265d56b0b87f385c13711b2107d003c958b

SHA256
0ba8321010d59e010d170c60940a5f9b047a4cb0bae412510963245336d4e919

SHA512
453c4b80a0ed0b656a9f9760a990086b94077097fad5ea08cfc3dbd0aa2c61e9fe7060d286705ebaf077699ca1e2927540eba1571365866da41d15d5bf9bc7b5

Download Submit
\Users\Admin\AppData\Local\Temp\WebBrowser2.exe

Filesize
103.5MB

MD5
0627fe8b292018c58a1bb7b35034fa42

SHA1
6ab80265d56b0b87f385c13711b2107d003c958b

SHA256
0ba8321010d59e010d170c60940a5f9b047a4cb0bae412510963245336d4e919

SHA512
453c4b80a0ed0b656a9f9760a990086b94077097fad5ea08cfc3dbd0aa2c61e9fe7060d286705ebaf077699ca1e2927540eba1571365866da41d15d5bf9bc7b5

Download Submit
\Users\Admin\AppData\Local\Temp\WebBrowser2.exe

Filesize
103.5MB

MD5
0627fe8b292018c58a1bb7b35034fa42

SHA1
6ab80265d56b0b87f385c13711b2107d003c958b

SHA256
0ba8321010d59e010d170c60940a5f9b047a4cb0bae412510963245336d4e919

SHA512
453c4b80a0ed0b656a9f9760a990086b94077097fad5ea08cfc3dbd0aa2c61e9fe7060d286705ebaf077699ca1e2927540eba1571365866da41d15d5bf9bc7b5

Download Submit
\Users\Admin\AppData\Local\Temp\WebBrowser2.exe

Filesize
103.5MB

MD5
0627fe8b292018c58a1bb7b35034fa42

SHA1
6ab80265d56b0b87f385c13711b2107d003c958b

SHA256
0ba8321010d59e010d170c60940a5f9b047a4cb0bae412510963245336d4e919

SHA512
453c4b80a0ed0b656a9f9760a990086b94077097fad5ea08cfc3dbd0aa2c61e9fe7060d286705ebaf077699ca1e2927540eba1571365866da41d15d5bf9bc7b5

Download Submit
\Users\Admin\AppData\Local\Temp\WebBrowser2.exe

Filesize
103.5MB

MD5
0627fe8b292018c58a1bb7b35034fa42

SHA1
6ab80265d56b0b87f385c13711b2107d003c958b

SHA256
0ba8321010d59e010d170c60940a5f9b047a4cb0bae412510963245336d4e919

SHA512
453c4b80a0ed0b656a9f9760a990086b94077097fad5ea08cfc3dbd0aa2c61e9fe7060d286705ebaf077699ca1e2927540eba1571365866da41d15d5bf9bc7b5

Download Submit
\Users\Admin\AppData\Local\Temp\WebBrowser2.exe

Filesize
103.5MB

MD5
0627fe8b292018c58a1bb7b35034fa42

SHA1
6ab80265d56b0b87f385c13711b2107d003c958b

SHA256
0ba8321010d59e010d170c60940a5f9b047a4cb0bae412510963245336d4e919

SHA512
453c4b80a0ed0b656a9f9760a990086b94077097fad5ea08cfc3dbd0aa2c61e9fe7060d286705ebaf077699ca1e2927540eba1571365866da41d15d5bf9bc7b5

Download Submit
\Users\Admin\AppData\Local\Temp\WebBrowser2.exe

Filesize
103.5MB

MD5
0627fe8b292018c58a1bb7b35034fa42

SHA1
6ab80265d56b0b87f385c13711b2107d003c958b

SHA256
0ba8321010d59e010d170c60940a5f9b047a4cb0bae412510963245336d4e919

SHA512
453c4b80a0ed0b656a9f9760a990086b94077097fad5ea08cfc3dbd0aa2c61e9fe7060d286705ebaf077699ca1e2927540eba1571365866da41d15d5bf9bc7b5

Download Submit
\Users\Admin\AppData\Local\Temp\WebBrowser2.exe

Filesize
103.5MB

MD5
0627fe8b292018c58a1bb7b35034fa42

SHA1
6ab80265d56b0b87f385c13711b2107d003c958b

SHA256
0ba8321010d59e010d170c60940a5f9b047a4cb0bae412510963245336d4e919

SHA512
453c4b80a0ed0b656a9f9760a990086b94077097fad5ea08cfc3dbd0aa2c61e9fe7060d286705ebaf077699ca1e2927540eba1571365866da41d15d5bf9bc7b5

Download Submit