77f9b0c7e54abbcfdc08c48cfa35cc2fb3ed66f24ad5b694942f92f8d56dc84c

Analysis

max time kernel
100s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 08:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

115262c95fca255228729fb13b1c06fb.exe
Size

110KB
MD5

115262c95fca255228729fb13b1c06fb
SHA1

9ba6a1df4c7faf6547b931c9e43852e70c372ec7
SHA256

77f9b0c7e54abbcfdc08c48cfa35cc2fb3ed66f24ad5b694942f92f8d56dc84c
SHA512

22dde974fe3c94ba52b72e5c5041134efbf31fe6a8e407f5c78540b27745f1ce1a7aab48e3a3fbeb85f09b863334b4c5f99307a471835dbbbb26e912c6b124d5
SSDEEP

3072:WNyah0mJ8VNVoRtmzUw06VyTBQNmHqfILEST:WwPVNi6h0NdQNHfLw

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
400	matrix322614.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2920	400	WerFault.exe	18

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3220 wrote to memory of 400	3220	115262c95fca255228729fb13b1c06fb.exe	18
PID 3220 wrote to memory of 400	3220	115262c95fca255228729fb13b1c06fb.exe	18
PID 3220 wrote to memory of 400	3220	115262c95fca255228729fb13b1c06fb.exe	18

C:\Users\Admin\AppData\Local\Temp\115262c95fca255228729fb13b1c06fb.exe
"C:\Users\Admin\AppData\Local\Temp\115262c95fca255228729fb13b1c06fb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3220
- C:\Users\Admin\AppData\Local\Temp\matrix322614.exe
  C:\Users\Admin\AppData\Local\Temp\matrix322614.exe
  2⤵
  - Executes dropped EXE
  PID:400
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 228
    3⤵
    - Program crash
    PID:2920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 400 -ip 400
1⤵
PID:1404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\matrix322614.exe

Filesize
64KB

MD5
2e6ee751c89a44282b0f6e51c2169dc3

SHA1
5d4ecc7cfbec5822860ea466abd80859247ac6f0

SHA256
4e259443072290d6c71add18e03199f4c4ba26a351d74f505cdb64f83507688e

SHA512
6b3cbd805648202cd6f6b44c8286e8257b20f0d9fd28b84e96e54a434ffc5c3e0e5a961c0548016a3450a39d40da45eb2a49483658f1cc558e0cbe4f01575cd3

Download Submit
memory/400-4-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download