81892413d320e87801f15b8dc4d423c4ebc728677a53cee506f0ebca9b9272eb

Analysis

max time kernel
137s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 01:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

49cc8f073693d1d8a223510a7eb7a31c.exe
Size

657KB
MD5

49cc8f073693d1d8a223510a7eb7a31c
SHA1

0c391bbeb567d9d978d50bc0cc7fc6cc5ffe0e94
SHA256

81892413d320e87801f15b8dc4d423c4ebc728677a53cee506f0ebca9b9272eb
SHA512

5473a2b19871862045b312a1ec569985d87603aa622e7ccac98bc3016e81748edfd99adeb6572ecabce667712f36009ad9138293fe19d44cf0016f1d8960dbee
SSDEEP

12288:jwl+tqG0AfIhdX8fr70t7QTyh8WAjKmoF3Z4mxxkFgRXswWV4PG:t0AfqB8j7I1lQmXdsaG

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
952	L_Server2007.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\L_Server2007.exe	49cc8f073693d1d8a223510a7eb7a31c.exe
File opened for modification	C:\Windows\L_Server2007.exe	49cc8f073693d1d8a223510a7eb7a31c.exe
File created	C:\Windows\uninstal.bat	49cc8f073693d1d8a223510a7eb7a31c.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
832	952	WerFault.exe	40

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3492 wrote to memory of 4496	3492	49cc8f073693d1d8a223510a7eb7a31c.exe	97
PID 3492 wrote to memory of 4496	3492	49cc8f073693d1d8a223510a7eb7a31c.exe	97
PID 3492 wrote to memory of 4496	3492	49cc8f073693d1d8a223510a7eb7a31c.exe	97

C:\Users\Admin\AppData\Local\Temp\49cc8f073693d1d8a223510a7eb7a31c.exe
"C:\Users\Admin\AppData\Local\Temp\49cc8f073693d1d8a223510a7eb7a31c.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3492
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat
  2⤵
  PID:4496

C:\Windows\L_Server2007.exe
C:\Windows\L_Server2007.exe
1⤵
- Executes dropped EXE
PID:952
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 432
  2⤵
  - Program crash
  PID:832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 952 -ip 952
1⤵
PID:5040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\L_Server2007.exe

Filesize
1KB

MD5
25f41e7d58cda6a398789eb1cf651071

SHA1
a3956950c42bf25945303df298f6366abb16cd34

SHA256
e98bf81858b6cfa9bcd20ed62cd779870144647cf94e148b5d5fa7881fe4b0b7

SHA512
81416603fd5d64e7bcbf8beeeb79512f8d0da1235800124352bdf4a7415745ec4e189f2a27aba8142d2da3c3ac48285d998e23f65fe3e36b7833876ce5e45953

Download Submit
C:\Windows\uninstal.bat

Filesize
190B

MD5
dca0e6e0be387ce7dcc6e1aa70170e12

SHA1
a7ed08b3a14dfe1503fdf90cb8bf0f3b4c10595a

SHA256
f53f0309f0b698a123e681dab307eb3a53ce28e29d979baff7ca7aeda63a4a02

SHA512
2ac66448549f208e5d5ea9c4deb8c1b00d7ee9e6e9c09f2d135cdd3cfbb5f14c9baf85df5cb7fa53b59cf76472a424276c7ed9798070157463a74e73225c45c4

Download Submit
memory/952-79-0x0000000013140000-0x0000000013255000-memory.dmp

Filesize
1.1MB

Download
memory/3492-0-0x0000000013140000-0x0000000013255000-memory.dmp

Filesize
1.1MB

Download
memory/3492-1-0x00000000021D0000-0x0000000002224000-memory.dmp

Filesize
336KB

Download
memory/3492-2-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/3492-17-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-22-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-26-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-31-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-34-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-37-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-39-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-38-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-41-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-45-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-48-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-50-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-54-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-53-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-52-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-55-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-56-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-51-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-58-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-59-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-57-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-49-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-60-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-63-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-65-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-64-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-62-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-61-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-47-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-46-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-44-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-43-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-42-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-40-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-35-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-36-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-33-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-32-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-30-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-29-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-28-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-27-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-25-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-24-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-23-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-21-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-20-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-19-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-18-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-14-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/3492-13-0x0000000003400000-0x0000000003401000-memory.dmp

Filesize
4KB

Download
memory/3492-12-0x00000000033B0000-0x00000000033B2000-memory.dmp

Filesize
8KB

Download
memory/3492-11-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/3492-10-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/3492-9-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/3492-8-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/3492-7-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/3492-6-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/3492-5-0x00000000023D0000-0x00000000023D1000-memory.dmp

Filesize
4KB

Download
memory/3492-4-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/3492-3-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/3492-78-0x0000000013140000-0x0000000013255000-memory.dmp

Filesize
1.1MB

Download
memory/3492-111-0x0000000013140000-0x0000000013255000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads