Overview

overview

8

Static

static

3

7ade31e485...e9.exe

windows7-x64

8

7ade31e485...e9.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    114s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-12-2023 15:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7ade31e485c4e7500d6e52288f0abfe9.exe

  • Size

    120KB

  • MD5

    7ade31e485c4e7500d6e52288f0abfe9

  • SHA1

    794d374658b19fe90c92fcbe70c7277cf756b30c

  • SHA256

    c252139e031854594312b717ea84c8d71a2089667421a6046dea0ce9e7e8c08c

  • SHA512

    96dac847de6ea633a872aead04eae2b92557129d895ad2b98b54cee613c87a9ee4c16303e1775f85fe12a12be788a1f09fb7f23b12e45aac4621ee47066fec97

  • SSDEEP

    3072:N/uEwf9se/JUkxR9uSstfCojxsdQk9sgc:N/uffOCuQRZstFxsdl9s

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 2 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Program crash 3 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7ade31e485c4e7500d6e52288f0abfe9.exe
    "C:\Users\Admin\AppData\Local\Temp\7ade31e485c4e7500d6e52288f0abfe9.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:4100
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 536
      2⤵
      • Program crash
      PID:4196
    • C:\Program Files\CTFMOM.EXE
      "C:\Program Files\CTFMOM.EXE"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:3944
      • C:\Windows\SysWOW64\userinit.exe
        C:\Windows\SYSTEM32\userinit.exe
        3⤵
          PID:4396
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4100 -ip 4100
      1⤵
        PID:4804
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3944 -ip 3944
        1⤵
          PID:4620
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 532
          1⤵
          • Program crash
          PID:4256
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 512
          1⤵
          • Program crash
          PID:4664
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4396 -ip 4396
          1⤵
            PID:4896

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files\CTFMOM.EXE
            Filesize

            120KB

            MD5

            7ade31e485c4e7500d6e52288f0abfe9

            SHA1

            794d374658b19fe90c92fcbe70c7277cf756b30c

            SHA256

            c252139e031854594312b717ea84c8d71a2089667421a6046dea0ce9e7e8c08c

            SHA512

            96dac847de6ea633a872aead04eae2b92557129d895ad2b98b54cee613c87a9ee4c16303e1775f85fe12a12be788a1f09fb7f23b12e45aac4621ee47066fec97

            Download Submit

          • memory/3944-6-0x0000000010000000-0x0000000010024200-memory.dmp

            Filesize

            144KB

            Download

          • memory/3944-9-0x0000000010000000-0x0000000010024200-memory.dmp

            Filesize

            144KB

            Download

          • memory/4100-0-0x0000000010000000-0x0000000010024200-memory.dmp

            Filesize

            144KB

            Download

          • memory/4100-10-0x0000000010000000-0x0000000010024200-memory.dmp

            Filesize

            144KB

            Download

          • memory/4396-11-0x0000000010000000-0x0000000010025000-memory.dmp

            Filesize

            148KB

            Download

          • memory/4396-8-0x0000000010000000-0x0000000010025000-memory.dmp

            Filesize

            148KB

            Download

          • memory/4396-12-0x0000000010000000-0x0000000010025000-memory.dmp

            Filesize

            148KB

            Download

          • memory/4396-7-0x0000000010000000-0x0000000010025000-memory.dmp

            Filesize

            148KB

            Download