e66c073a7b8d8a99950a731445c7d62528203a901e04c29fa400c97c56e2e310

Analysis

max time kernel
142s
max time network
150s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 14:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

02084e8d1482d1ee0d57d5e3d173220c.exe
Size

548KB
MD5

02084e8d1482d1ee0d57d5e3d173220c
SHA1

34cced1ec1d33242954676f8c4a66d3184ea46a3
SHA256

e66c073a7b8d8a99950a731445c7d62528203a901e04c29fa400c97c56e2e310
SHA512

b7e8461e831d516c4a79ecd5458f72e31812abe1a98df5852aecdec8b6a7bdc7ce11cddebd46abe96d0f00cc170c468e985454a46adadd9895a1fc1b52842e85
SSDEEP

12288:ruXz+6yYrqyTh+jOsxgRISEgA/Y0ri9LdP7UNlKcm1vi3mGft:u+6rhqNuW/Y0OLanRMK37f

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2764	2224	WerFault.exe	19

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E8CFC029-8420-4EAE-ADEF-915BDC77E1DC}	02084e8d1482d1ee0d57d5e3d173220c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E8CFC029-8420-4EAE-ADEF-915BDC77E1DC}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\02084e8d1482d1ee0d57d5e3d173220c.exe"	02084e8d1482d1ee0d57d5e3d173220c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\02084e8d1482d1ee0d57d5e3d173220c.MyNSHandler\Clsid\ = "{E8CFC029-8420-4EAE-ADEF-915BDC77E1DC}"	02084e8d1482d1ee0d57d5e3d173220c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E8CFC029-8420-4EAE-ADEF-915BDC77E1DC}\ProgID	02084e8d1482d1ee0d57d5e3d173220c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E8CFC029-8420-4EAE-ADEF-915BDC77E1DC}\ProgID\ = "02084e8d1482d1ee0d57d5e3d173220c.MyNSHandler"	02084e8d1482d1ee0d57d5e3d173220c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E8CFC029-8420-4EAE-ADEF-915BDC77E1DC}\ = "this is my ebook"	02084e8d1482d1ee0d57d5e3d173220c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E8CFC029-8420-4EAE-ADEF-915BDC77E1DC}\LocalServer32	02084e8d1482d1ee0d57d5e3d173220c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\02084e8d1482d1ee0d57d5e3d173220c.MyNSHandler	02084e8d1482d1ee0d57d5e3d173220c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\02084e8d1482d1ee0d57d5e3d173220c.MyNSHandler\ = "this is my ebook"	02084e8d1482d1ee0d57d5e3d173220c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\02084e8d1482d1ee0d57d5e3d173220c.MyNSHandler\Clsid	02084e8d1482d1ee0d57d5e3d173220c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2764	2224	02084e8d1482d1ee0d57d5e3d173220c.exe	28
PID 2224 wrote to memory of 2764	2224	02084e8d1482d1ee0d57d5e3d173220c.exe	28
PID 2224 wrote to memory of 2764	2224	02084e8d1482d1ee0d57d5e3d173220c.exe	28
PID 2224 wrote to memory of 2764	2224	02084e8d1482d1ee0d57d5e3d173220c.exe	28

C:\Users\Admin\AppData\Local\Temp\02084e8d1482d1ee0d57d5e3d173220c.exe
"C:\Users\Admin\AppData\Local\Temp\02084e8d1482d1ee0d57d5e3d173220c.exe"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 396
  2⤵
  - Program crash
  PID:2764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2224-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2224-1-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2224-3-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads