Overview

overview

7

Static

static

1

0312df8bb9...d8.exe

windows7-x64

7

0312df8bb9...d8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    182s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 03:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0312df8bb94c44622703271c514cb4d8.exe

  • Size

    1.3MB

  • MD5

    0312df8bb94c44622703271c514cb4d8

  • SHA1

    d00f8ad0ad81b0288edf186a45d19c5c9369e55d

  • SHA256

    2076e2e943b7e76afa7c33281593a83013bba3190508cafd297782502ff6e829

  • SHA512

    323e69df99a8619babb1651ea4f4e3bb385f54b4e70be12494cf0e64043d7e9bd8d7afff262f033fe004b7228517065674123dd39276b1718b3880a4119951b5

  • SSDEEP

    24576:HK6fxaOhc2dC3Rfzy41rWibAiCEydknBds0a0m1lK8Z:q6JpC3RLy41aibAiCE1Ps0a1LKq

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0312df8bb94c44622703271c514cb4d8.exe
    "C:\Users\Admin\AppData\Local\Temp\0312df8bb94c44622703271c514cb4d8.exe"
    1⤵
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3004
    • C:\Users\Admin\AppData\Local\Temp\0312df8bb94c44622703271c514cb4d8.exe
      "C:\Users\Admin\AppData\Local\Temp\0312df8bb94c44622703271c514cb4d8.exe" Track="0001001000"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:4764
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 2020
        3⤵
        • Program crash
        PID:4488
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 2076
        3⤵
        • Program crash
        PID:4088
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4764 -ip 4764
    1⤵
      PID:1172
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4764 -ip 4764
      1⤵
        PID:4512

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/3004-0-0x0000000000400000-0x0000000000674000-memory.dmp

              Filesize

              2.5MB

              Download

            • memory/3004-2-0x0000000000400000-0x0000000000674000-memory.dmp

              Filesize

              2.5MB

              Download

            • memory/4764-1-0x0000000000400000-0x00000000004F6000-memory.dmp

              Filesize

              984KB

              Download

            • memory/4764-3-0x0000000000400000-0x00000000004F6000-memory.dmp

              Filesize

              984KB

              Download

            • memory/4764-4-0x0000000000400000-0x00000000004F6000-memory.dmp

              Filesize

              984KB

              Download

            • memory/4764-5-0x0000000000400000-0x00000000004F6000-memory.dmp

              Filesize

              984KB

              Download

            • memory/4764-6-0x0000000000400000-0x00000000004F6000-memory.dmp

              Filesize

              984KB

              Download

            • memory/4764-7-0x0000000000400000-0x00000000004F6000-memory.dmp

              Filesize

              984KB

              Download

            • memory/4764-8-0x0000000000400000-0x00000000004F6000-memory.dmp

              Filesize

              984KB

              Download

            • memory/4764-9-0x0000000000400000-0x00000000004F6000-memory.dmp

              Filesize

              984KB

              Download