Overview

overview

7

Static

static

1

02364c9448...4d.exe

windows7-x64

1

02364c9448...4d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 03:13

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    02364c944866253f99eff3366f6ff14d.exe

  • Size

    755KB

  • MD5

    02364c944866253f99eff3366f6ff14d

  • SHA1

    67abc47df40d79f63d8984db8829b56fc1ba4234

  • SHA256

    2232ce6f63f45d5fe6c9bfc1ccfe346be0d008316ef5b0a589748c7032bddb74

  • SHA512

    c486bd6af2db2a05a7b97a2cb32b9f3c51d875ede5eed75c6ddee280eae31f26c13fef5ed4fbfbcd5ff6f525a7285e87a72160bf367ad6970cef755716290b31

  • SSDEEP

    12288:hQN20eCofhgVDNuK40ufbN64b6slOJ5B/N2j+aFUnQn53CI2tjyufeKPx:+40eCoJgD8H3T04nARN2H6nQn53lQjyA

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02364c944866253f99eff3366f6ff14d.exe
    "C:\Users\Admin\AppData\Local\Temp\02364c944866253f99eff3366f6ff14d.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1396
    • C:\Users\Admin\AppData\Local\Temp\setup.exe
      C:\Users\Admin\AppData\Local\Temp\setup.exe relaunch
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4396
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 788
        3⤵
        • Program crash
        PID:4136
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4396 -ip 4396
    1⤵
      PID:1220

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\setup.exe
            Filesize

            92KB

            MD5

            50ae74bc941522e975f4e497f7801d9a

            SHA1

            c8359c17e27da9dfe728cd3cc03783177bd69de7

            SHA256

            038ddccba381112b638f78ae6d1f7af4d167cb50c9e3bbcd64000536d750bb4f

            SHA512

            c26f15693fd08f13a014a5d6cc075e82b5cdffa51fe8c2e891605350cadba3655e510bf80d2b80b9aba771f8dfbce627963d66e385ff2b67accfa084225538a6

            Download Submit

          • memory/1396-0-0x0000000000400000-0x000000000066D000-memory.dmp

            Filesize

            2.4MB

            Download

          • memory/1396-1-0x0000000000400000-0x000000000066D000-memory.dmp

            Filesize

            2.4MB

            Download

          • memory/1396-6-0x0000000000400000-0x000000000066D000-memory.dmp

            Filesize

            2.4MB

            Download

          • memory/4396-7-0x0000000000400000-0x000000000066D000-memory.dmp

            Filesize

            2.4MB

            Download

          • memory/4396-8-0x0000000000400000-0x000000000066D000-memory.dmp

            Filesize

            2.4MB

            Download