20d3d6cbf2a63290b7f1c2eb4a0a72cf6502552942f02b4b0b51d37ee1b33fae

Analysis

max time kernel
122s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ff2e5bb6fef3c4e2f8936c60035f432.exe
Size

1.5MB
MD5

1ff2e5bb6fef3c4e2f8936c60035f432
SHA1

dc99bdff91ef5de2f7ef82d860492b534e8385b1
SHA256

20d3d6cbf2a63290b7f1c2eb4a0a72cf6502552942f02b4b0b51d37ee1b33fae
SHA512

f121f895b7e7cb1a6d14400fe62ddbaee14a7aeb5e28b9761ba99b91efde44d62e1b654419e9a849ff86c3399ed6e62bb473fef7eead40e764d000add6cf7ce0
SSDEEP

24576:aIad51fxmrNQFsbZcnSTjSItuDekfbh8OCgvCUje4mOjhTIh7ZJPVI:aVrxmhQmbZcnST2SuaPcLFTcZJPu

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
1696	1ff2e5bb6fef3c4e2f8936c60035f432.exe
1696	1ff2e5bb6fef3c4e2f8936c60035f432.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2512	1696	WerFault.exe	16

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1696	1ff2e5bb6fef3c4e2f8936c60035f432.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1696	1ff2e5bb6fef3c4e2f8936c60035f432.exe
1696	1ff2e5bb6fef3c4e2f8936c60035f432.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 2512	1696	1ff2e5bb6fef3c4e2f8936c60035f432.exe	28
PID 1696 wrote to memory of 2512	1696	1ff2e5bb6fef3c4e2f8936c60035f432.exe	28
PID 1696 wrote to memory of 2512	1696	1ff2e5bb6fef3c4e2f8936c60035f432.exe	28
PID 1696 wrote to memory of 2512	1696	1ff2e5bb6fef3c4e2f8936c60035f432.exe	28

C:\Users\Admin\AppData\Local\Temp\1ff2e5bb6fef3c4e2f8936c60035f432.exe
"C:\Users\Admin\AppData\Local\Temp\1ff2e5bb6fef3c4e2f8936c60035f432.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 344
  2⤵
  - Program crash
  PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1696-0-0x0000000000400000-0x00000000007E1000-memory.dmp

Filesize
3.9MB

Download
memory/1696-5-0x0000000077070000-0x0000000077071000-memory.dmp

Filesize
4KB

Download
memory/1696-18-0x0000000076EFF000-0x0000000076F00000-memory.dmp

Filesize
4KB

Download
memory/1696-16-0x0000000077070000-0x0000000077071000-memory.dmp

Filesize
4KB

Download
memory/1696-20-0x0000000076F00000-0x0000000076F01000-memory.dmp

Filesize
4KB

Download
memory/1696-28-0x0000000000230000-0x0000000000274000-memory.dmp

Filesize
272KB

Download
memory/1696-23-0x0000000000230000-0x0000000000274000-memory.dmp

Filesize
272KB

Download
memory/1696-22-0x0000000077070000-0x0000000077071000-memory.dmp

Filesize
4KB

Download
memory/1696-19-0x0000000000400000-0x00000000007E1000-memory.dmp

Filesize
3.9MB

Download
memory/1696-14-0x0000000077070000-0x0000000077071000-memory.dmp

Filesize
4KB

Download
memory/1696-12-0x0000000077070000-0x0000000077071000-memory.dmp

Filesize
4KB

Download
memory/1696-10-0x0000000077070000-0x0000000077071000-memory.dmp

Filesize
4KB

Download
memory/1696-8-0x0000000076EFF000-0x0000000076F00000-memory.dmp

Filesize
4KB

Download
memory/1696-7-0x0000000077070000-0x0000000077071000-memory.dmp

Filesize
4KB

Download
memory/1696-3-0x0000000077070000-0x0000000077071000-memory.dmp

Filesize
4KB

Download
memory/1696-1-0x0000000077070000-0x0000000077071000-memory.dmp

Filesize
4KB

Download
memory/1696-29-0x0000000000400000-0x00000000007E1000-memory.dmp

Filesize
3.9MB

Download