Overview

overview

7

Static

static

1

0027cace80...da.exe

windows7-x64

7

0027cace80...da.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-12-2023 18:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0027cace809a50cd85cea40e908577da.exe

  • Size

    578KB

  • MD5

    0027cace809a50cd85cea40e908577da

  • SHA1

    c3bf0fe553a4e52a973b6a0cc9f2f5425c6fa4c6

  • SHA256

    113f64711175682cf9bdf85b10c2183c38bdb5d763222780ccb002abadc53c75

  • SHA512

    e7782ae6d6994436623ee0a923a6670ba8ae7bf38043a38fcb2f00f932134075a79e36c68cd583aecbd9677beccc2c9554d73f4693ccb1111710fbc9c7649cfa

  • SSDEEP

    12288:0PkZnNZwi3ZlYq/jVIO00rY/qMdb4GtcZy7HyLXz3v/Os3eSPclCR0B:2KN+qlYKjVz00rYiMd8z3vmsuSPc0R0B

Score
7/10
discovery

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Program crash 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0027cace809a50cd85cea40e908577da.exe
    "C:\Users\Admin\AppData\Local\Temp\0027cace809a50cd85cea40e908577da.exe"
    1⤵
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Suspicious use of SetWindowsHookEx
    PID:4076
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 2580
      2⤵
      • Program crash
      PID:3388
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 2544
      2⤵
      • Program crash
      PID:2736
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4076 -ip 4076
    1⤵
      PID:4828
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4076 -ip 4076
      1⤵
        PID:4508

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4076-0-0x0000000000400000-0x00000000005DD000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4076-1-0x0000000000400000-0x00000000005DD000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4076-14-0x0000000000400000-0x00000000005DD000-memory.dmp

        Filesize

        1.9MB

        Download