Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-12-2023 11:21

General

  • Target

    6a67a3de2d92609840ebfe0ce6c60056.exe

  • Size

    186KB

  • MD5

    6a67a3de2d92609840ebfe0ce6c60056

  • SHA1

    050cf73429baf916a6e6d1f54e59e0aad47c1db6

  • SHA256

    f8bf7cc51302750af2bbad1e26dbcd5dc72861569fc5fd2f266d486b8cb05188

  • SHA512

    ac1599c35499fdc7aeee325cb372fa7675dfe5e1575baab99cb50872be5b8cb50f0c3a8ac56f0cda2e5bc04389de9cf7ba6ecffdca5e36caff1f408798ea2259

  • SSDEEP

    3072:UemgC3vaCO5dJlVbEDRyORp1Can7YA2gHVQbg+aGPNgJBpQmDd9hq4XLE:HmfabTWRyORpY07SgWgFONwBumDd9b

Score
7/10

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6a67a3de2d92609840ebfe0ce6c60056.exe
    "C:\Users\Admin\AppData\Local\Temp\6a67a3de2d92609840ebfe0ce6c60056.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:5024
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 384
      2⤵
      • Program crash
      PID:1624
    • C:\Users\Admin\AppData\Local\Temp\6a67a3de2d92609840ebfe0ce6c60056.exe
      C:\Users\Admin\AppData\Local\Temp\6a67a3de2d92609840ebfe0ce6c60056.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:856
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 344
        3⤵
        • Program crash
        PID:4944
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5024 -ip 5024
    1⤵
    PID:4860
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 856 -ip 856
    1⤵
    PID:5044

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6a67a3de2d92609840ebfe0ce6c60056.exe

    Filesize
    186KB

    MD5
    cca00d45dd3992d28f0f6eab1f840b33

    SHA1
    c52c3250cd5d4367242aee3e264ecb6e1b88b2cd

    SHA256
    a31fad40911d24ff22eed65b04a0bc2281f4646ef288509280915da70f07347a

    SHA512
    a4f66ed6fa97ceb8df6416ed83d7f033fab1fb2c4244eeea99976840dfb38c3552084f206af427ca34fef4ba2b899b643309712fa570f76704e6e4972143f990

  • memory/856-7-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize
    216KB

  • memory/856-8-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize
    104KB

  • memory/856-13-0x00000000014C0000-0x00000000014F6000-memory.dmp

    Filesize
    216KB

  • memory/5024-0-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize
    216KB

  • memory/5024-6-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize
    216KB