Overview

overview

5

Static

static

3

10954e6a84...e8.exe

windows7-x64

5

10954e6a84...e8.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    155s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 08:00

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    10954e6a842f7fc233d2e4c159dd9de8.exe

  • Size

    59KB

  • MD5

    10954e6a842f7fc233d2e4c159dd9de8

  • SHA1

    e3a8016748932ebb8416ad562a763b2886f127d8

  • SHA256

    7bf4209bd3d7973b5061883db3f5aaf286a61f630406680ec0aedca6e04bf175

  • SHA512

    eab8a4d76f23a8a0a799f430e2211aa43ebf9a3f9e8cd710bf8e6d811086624ab61e43ca2ff98d59fcfac898c40e98a57a48e774b88e5c56270ebc2df6d26797

  • SSDEEP

    1536:UrJFr8sK23DxXTV2AkMQ96UZzX/2DBmthpahU0+v:UrJesK2t8AkMQXZjABI4hU0+v

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\10954e6a842f7fc233d2e4c159dd9de8.exe
    "C:\Users\Admin\AppData\Local\Temp\10954e6a842f7fc233d2e4c159dd9de8.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3644
    • C:\Users\Admin\AppData\Local\Temp\10954e6a842f7fc233d2e4c159dd9de8.exe
      C:\Users\Admin\AppData\Local\Temp\10954e6a842f7fc233d2e4c159dd9de8.exe
      2⤵
        PID:5000
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 984
          3⤵
          • Program crash
          PID:5076
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5000 -ip 5000
      1⤵
        PID:3344

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/3644-0-0x0000000010000000-0x0000000010018000-memory.dmp

              Filesize

              96KB

              Download

            • memory/3644-3-0x0000000010000000-0x0000000010018000-memory.dmp

              Filesize

              96KB

              Download

            • memory/5000-1-0x0000000000400000-0x0000000000451000-memory.dmp

              Filesize

              324KB

              Download

            • memory/5000-4-0x0000000000400000-0x0000000000451000-memory.dmp

              Filesize

              324KB

              Download

            • memory/5000-5-0x0000000000400000-0x0000000000451000-memory.dmp

              Filesize

              324KB

              Download

            • memory/5000-6-0x0000000000400000-0x0000000000451000-memory.dmp

              Filesize

              324KB

              Download