18fc8e8b9bce91864d897de0da7760963edcef91d5c7b15b2e8c4cde4421c315

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21f3f0839bf8249d1bc191f22e9d3db5.exe
Size

1.5MB
MD5

21f3f0839bf8249d1bc191f22e9d3db5
SHA1

94ade5dba04a37504fabf6a233ad3d36d58e2a3d
SHA256

18fc8e8b9bce91864d897de0da7760963edcef91d5c7b15b2e8c4cde4421c315
SHA512

b1fe4b42b3bf3c046aa6a28f2bc38cf3f8b311113de97cb3ba5322a78bdc06cf0ae2e0719f773b48d7e21be3d103ee2385805f374717dfeb4b649ecd002cf79a
SSDEEP

24576:IeA3sO3mVxkP0vxxkEmT1VK7MB0BPXiD7HwbpGMLMFlj6UNgs4voXALPCclZRT0Y:TA3736mcpxyq7XWQdGZj6C74vmALfUT8

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2356	21f3f0839bf8249d1bc191f22e9d3db5.exe
2356	21f3f0839bf8249d1bc191f22e9d3db5.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2736	2356	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2356	21f3f0839bf8249d1bc191f22e9d3db5.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2356	21f3f0839bf8249d1bc191f22e9d3db5.exe
2356	21f3f0839bf8249d1bc191f22e9d3db5.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2736	2356	21f3f0839bf8249d1bc191f22e9d3db5.exe	28
PID 2356 wrote to memory of 2736	2356	21f3f0839bf8249d1bc191f22e9d3db5.exe	28
PID 2356 wrote to memory of 2736	2356	21f3f0839bf8249d1bc191f22e9d3db5.exe	28
PID 2356 wrote to memory of 2736	2356	21f3f0839bf8249d1bc191f22e9d3db5.exe	28

C:\Users\Admin\AppData\Local\Temp\21f3f0839bf8249d1bc191f22e9d3db5.exe
"C:\Users\Admin\AppData\Local\Temp\21f3f0839bf8249d1bc191f22e9d3db5.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 344
  2⤵
  - Program crash
  PID:2736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2356-0-0x0000000000400000-0x00000000007F2000-memory.dmp

Filesize
3.9MB

Download
memory/2356-1-0x0000000077F10000-0x0000000077F11000-memory.dmp

Filesize
4KB

Download
memory/2356-3-0x0000000077F10000-0x0000000077F11000-memory.dmp

Filesize
4KB

Download
memory/2356-5-0x0000000077F10000-0x0000000077F11000-memory.dmp

Filesize
4KB

Download
memory/2356-7-0x0000000077D9F000-0x0000000077DA0000-memory.dmp

Filesize
4KB

Download
memory/2356-13-0x0000000077F10000-0x0000000077F11000-memory.dmp

Filesize
4KB

Download
memory/2356-11-0x0000000077F10000-0x0000000077F11000-memory.dmp

Filesize
4KB

Download
memory/2356-9-0x0000000077F10000-0x0000000077F11000-memory.dmp

Filesize
4KB

Download
memory/2356-8-0x0000000077D9F000-0x0000000077DA0000-memory.dmp

Filesize
4KB

Download
memory/2356-18-0x0000000077D9F000-0x0000000077DA0000-memory.dmp

Filesize
4KB

Download
memory/2356-17-0x0000000077F10000-0x0000000077F11000-memory.dmp

Filesize
4KB

Download
memory/2356-15-0x0000000077F10000-0x0000000077F11000-memory.dmp

Filesize
4KB

Download
memory/2356-20-0x0000000000400000-0x00000000007F2000-memory.dmp

Filesize
3.9MB

Download
memory/2356-22-0x0000000077DA0000-0x0000000077DA1000-memory.dmp

Filesize
4KB

Download
memory/2356-23-0x0000000077F10000-0x0000000077F11000-memory.dmp

Filesize
4KB

Download
memory/2356-24-0x0000000000230000-0x0000000000274000-memory.dmp

Filesize
272KB

Download
memory/2356-29-0x0000000000230000-0x0000000000274000-memory.dmp

Filesize
272KB

Download
memory/2356-30-0x0000000000400000-0x00000000007F2000-memory.dmp

Filesize
3.9MB

Download