73e96c3ee0f24cf856330246b3cfa69aa25bb283654979025d783352cd31b647

Analysis

max time kernel
2s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2de20a6e17120c767f6d4cb4b929c420.exe
Size

336KB
MD5

2de20a6e17120c767f6d4cb4b929c420
SHA1

6a62c2a7215173bea114f9d63caabb2c1c5c06e4
SHA256

73e96c3ee0f24cf856330246b3cfa69aa25bb283654979025d783352cd31b647
SHA512

6605736142866ccbfb1f6fb5916fdd2ffe1c846f9f8f742fbee7ab65122d228e7c6885beca4f26c6f2f1bd872a012a0d760b017dc7123ad9b7eb1e5b4f9c2a58
SSDEEP

6144:tvSws1hI3XMAGlGGPotyJ5R+lagkFWJWeFeTCdRoYJBdKH4qlo6Y7:RnOhIulkiT4YecuvTixnY7

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
7180	5316	WerFault.exe	95

Runs net.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4684	2de20a6e17120c767f6d4cb4b929c420.exe
4684	2de20a6e17120c767f6d4cb4b929c420.exe
4684	2de20a6e17120c767f6d4cb4b929c420.exe
4684	2de20a6e17120c767f6d4cb4b929c420.exe
4684	2de20a6e17120c767f6d4cb4b929c420.exe
4684	2de20a6e17120c767f6d4cb4b929c420.exe
4684	2de20a6e17120c767f6d4cb4b929c420.exe
4684	2de20a6e17120c767f6d4cb4b929c420.exe
4684	2de20a6e17120c767f6d4cb4b929c420.exe
4684	2de20a6e17120c767f6d4cb4b929c420.exe
4684	2de20a6e17120c767f6d4cb4b929c420.exe
4684	2de20a6e17120c767f6d4cb4b929c420.exe
4684	2de20a6e17120c767f6d4cb4b929c420.exe
4684	2de20a6e17120c767f6d4cb4b929c420.exe
4684	2de20a6e17120c767f6d4cb4b929c420.exe
4684	2de20a6e17120c767f6d4cb4b929c420.exe
4684	2de20a6e17120c767f6d4cb4b929c420.exe
4684	2de20a6e17120c767f6d4cb4b929c420.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4684	2de20a6e17120c767f6d4cb4b929c420.exe

C:\Users\Admin\AppData\Local\Temp\2de20a6e17120c767f6d4cb4b929c420.exe
"C:\Users\Admin\AppData\Local\Temp\2de20a6e17120c767f6d4cb4b929c420.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4684
- C:\Users\Admin\AppData\Local\Temp\2de20a6e17120c767f6d4cb4b929c420.exe
  C:\Users\Admin\AppData\Local\Temp\2de20a6e17120c767f6d4cb4b929c420.exe
  2⤵
  PID:29352
- - C:\Windows\SysWOW64\net.exe
    "C:\Windows\System32\net.exe" stop sharedaccess
    3⤵
    PID:28760
- - C:\Users\Admin\AppData\Local\Temp\2de20a6e17120c767f6d4cb4b929c420.exe
    C:\Users\Admin\AppData\Local\Temp\2de20a6e17120c767f6d4cb4b929c420.exe
    3⤵
    PID:5808
  - - C:\Users\Admin\AppData\Roaming\Firewall Host\cfmmon.exe
      "C:\Users\Admin\AppData\Roaming\Firewall Host\cfmmon.exe" in
      4⤵
      PID:5316
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 1192
        5⤵
        Program crash
        
        PID:7180

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop sharedaccess
1⤵
PID:29568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5316 -ip 5316
1⤵
PID:7960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Firewall Host\cfmmon.exe

Filesize
67KB

MD5
05178730b38101801ec32c22d4861411

SHA1
4df57fa47d74c94a0602c3b2d9526720deaab372

SHA256
40b1a9b00c3c989d23dd50a626a89328944a58ea5be0ae3b34a686c40af957c6

SHA512
5d2780e7a68f52dedde68a4b6c7e12f2efb0b1022a126f6023ac66ee32591c8fc4999d9fd7405675709fecedf0957e9f5df1efad0dfc2b2979979ea98fba2a96

Download Submit
C:\Users\Admin\AppData\Roaming\Firewall Host\cfmmon.exe

Filesize
82KB

MD5
754680b181e06cad8e6dd4bf8cea4de8

SHA1
062302d709242fb731aefd50233360ebc560a906

SHA256
471dd535f8b5c159d4c8557f612ef83f112e3d035a255f200c30486bc0642402

SHA512
0db4f62377f2e1e93423f5edd9d5c051c4c8e1910ebae4715a81c76611ce65cc05fac8ee9acb9ca60a3b0a00b76a7740ae6cee4efac2ae07e272a28c3f94e3a9

Download Submit
C:\Users\Admin\AppData\Roaming\Firewall Host\cfmmon.exe

Filesize
47KB

MD5
bbf1f1fa8318e76ba76bdf103af9c6af

SHA1
dcaae3619d4ea5d8b2a0444a9f444477854cda9e

SHA256
7bb5e8f1dee849df4efceebdb9a42e4ecb66b725d85eedf8e16e141a9d5ea70b

SHA512
5bdfd9bafa4fe7f1abe96b5c5fcc9274cb3d57e7099e8e7c02e05d859d871a4def416d576b852b4a7515412d277340c52f971039bd62448035f7d2e0413dcd6a

Download Submit
memory/5808-13172-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/5808-13182-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/5808-13169-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/5808-13171-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/29352-12851-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/29352-12850-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/29352-12852-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/29352-13175-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/29352-12853-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/29352-12847-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/29352-12856-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/29352-12855-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download