Overview

overview

3

Static

static

1

14fbb5cf55...08.exe

windows7-x64

3

14fbb5cf55...08.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 22:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    14fbb5cf55492b3241cce156a35d4908.exe

  • Size

    118KB

  • MD5

    14fbb5cf55492b3241cce156a35d4908

  • SHA1

    73208f7713586c77bc4cad0461d7ef6881265ee9

  • SHA256

    789c562b050e4467b6032fb7e7039421f25028a6e03e15c0ccb2e339781aab82

  • SHA512

    47a4ba81db8bd78ba79e8e82204513a5fd8d7a008f1a808a7d577a246b9cc40d6075f3aeaf11af99d3660fc92dcaa55474cd7a817cf32aca16c3695e6d7f2b54

  • SSDEEP

    1536:h4ujwGrwYNhIqw8isuP4De0McLpnFld/f/ogppMc1MiFsWjcd2m+n9yv18vYS:fwh8yJBaMcVeEp/qh+ngv18vYS

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14fbb5cf55492b3241cce156a35d4908.exe
    "C:\Users\Admin\AppData\Local\Temp\14fbb5cf55492b3241cce156a35d4908.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1156
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 760
      2⤵
      • Program crash
      PID:2968

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads