Analysis

max time kernel: 91s
max time network: 125s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-12-2023 18:00
Static task: static1

Behavioral task: behavioral1
  Sample: 70bdc622d4ecb4da6eb1d3a5f98652ab.exe
  Resource: win7-20231215-en

Behavioral task: behavioral2
  Sample: 70bdc622d4ecb4da6eb1d3a5f98652ab.exe
  Resource: win10v2004-20231215-en
General

Target: 70bdc622d4ecb4da6eb1d3a5f98652ab.exe
Size: 90KB
MD5: 70bdc622d4ecb4da6eb1d3a5f98652ab
SHA1: 6be9177289178f1799ca1241a35e94d24089148e
SHA256: f82516c78483b315b21307bcbecd66273dfa1963f3ffa9d2609df6341e00a95e
SHA512: f04a3df175241f72c85c6eb4e447aebb8f8832d09327c9f80a661e318cb265bc7b7a0490575f9c80e3142e493fc95588d7cca4e4c230ce09b93ab535a6e66c39
SSDEEP: 1536:804f1SMHjZ0k/tB1g//I0DuoxbxAHscmbiMKoEYP34B53FgAMKgNqpdcLc:ef1BDZ0kVB67Duw9AMcmbiMEeIb3PFgK
Malware Config
Signatures

Loads dropped DLL (1 IoCs)
Processes:
  pid   process
  2776  70bdc622d4ecb4da6eb1d3a5f98652ab.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Program crash (1 IoCs)
Processes:
  pid   pid_target  process       target process
  3376  2776        WerFault.exe  70bdc622d4ecb4da6eb1d3a5f98652ab.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                       pid   process                                target process
  PID 2776 wrote to memory of 4820  2776  70bdc622d4ecb4da6eb1d3a5f98652ab.exe  70bdc622d4ecb4da6eb1d3a5f98652ab.exe
  PID 2776 wrote to memory of 4820  2776  70bdc622d4ecb4da6eb1d3a5f98652ab.exe  70bdc622d4ecb4da6eb1d3a5f98652ab.exe
  PID 2776 wrote to memory of 4820  2776  70bdc622d4ecb4da6eb1d3a5f98652ab.exe  70bdc622d4ecb4da6eb1d3a5f98652ab.exe
Processes

C:\Users\Admin\AppData\Local\Temp\70bdc622d4ecb4da6eb1d3a5f98652ab.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\70bdc622d4ecb4da6eb1d3a5f98652ab.exe"
  PID: 2776
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory

    C:\Users\Admin\AppData\Local\Temp\70bdc622d4ecb4da6eb1d3a5f98652ab.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\70bdc622d4ecb4da6eb1d3a5f98652ab.exe"
      PID: 4820

    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 952
      PID: 3376
      - Program crash

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2776 -ip 2776
  PID: 1224
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 11KB
MD5: fccff8cb7a1067e23fd2e2b63971a8e1
SHA1: 30e2a9e137c1223a78a0f7b0bf96a1c361976d91
SHA256: 6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
SHA512: f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c