Overview

overview

7

Static

static

1

625e7e743e...27.exe

windows7-x64

1

625e7e743e...27.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    70s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 09:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    625e7e743e2b55f0decbbd806c33f727.exe

  • Size

    1.1MB

  • MD5

    625e7e743e2b55f0decbbd806c33f727

  • SHA1

    de0a98e03953b90d374ac0ccb79622ed15c43dce

  • SHA256

    244be4e2db5e6b5757cc030d9f719257532725f30f1207261db941bc9c477903

  • SHA512

    ce20cebc1cf62f6ebca091c7e7d4bad68eeeee527c895fc22454d56bc001a5761e800b7444e8f229cc5af350479cd75ff4bea8efc5f27319d5c576033f81c26c

  • SSDEEP

    12288:zkP9YgDp9RgVyuYqNAPxz2Y6KLvOnR/jdMaI/VqcXXoXRgYNth7WFD1LgJu2uQtM:zkvDp9aEvkpMasXXceQHSFD1LzXffBT

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\625e7e743e2b55f0decbbd806c33f727.exe
    "C:\Users\Admin\AppData\Local\Temp\625e7e743e2b55f0decbbd806c33f727.exe"
    1⤵
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4976
    • C:\Users\Admin\AppData\Local\Temp\625e7e743e2b55f0decbbd806c33f727.exe
      "C:\Users\Admin\AppData\Local\Temp\625e7e743e2b55f0decbbd806c33f727.exe" Track="0001001000"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:5024
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 2024
        3⤵
        • Program crash
        PID:3536
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 2068
        3⤵
        • Program crash
        PID:5016
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 5024 -ip 5024
    1⤵
      PID:2672
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 5024 -ip 5024
      1⤵
        PID:4720

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/5024-1-0x0000000000400000-0x0000000000522000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/5024-2-0x0000000000400000-0x0000000000522000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/5024-3-0x0000000000400000-0x0000000000522000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/5024-0-0x0000000000400000-0x0000000000522000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/5024-4-0x0000000000400000-0x0000000000522000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/5024-5-0x0000000000400000-0x0000000000522000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/5024-6-0x0000000000400000-0x0000000000522000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/5024-7-0x0000000000400000-0x0000000000522000-memory.dmp

              Filesize

              1.1MB

              Download