Analysis
- max time kernel: 146s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-12-2023 02:19
Static task: static1
Behavioral task: behavioral1
- Sample: 0b6fd9f0eda46983a5df44c086e9f073.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 0b6fd9f0eda46983a5df44c086e9f073.exe
- Resource: win10v2004-20231215-en
General
- Target: 0b6fd9f0eda46983a5df44c086e9f073.exe
- Size: 1.2MB
- MD5: 0b6fd9f0eda46983a5df44c086e9f073
- SHA1: 65e9a9a2a550d30cc497686a7c17900576b0a501
- SHA256: 3f7ef3fcc9141ed9a7d7620c90325356956947add46038ece8167d8c5028273e
- SHA512: a32fd364fc804c4275dc5f641e355d4dfd481336a4e67791437941a1c599d55c15b4707149d283e2b86bb502c652c3707c6df67256a353f96632b3e02656f747
- SSDEEP: 24576:YNC4WivbbYqTkj7wtLCeEIOfN4wZvK7G2SLlZ8dwkVGDs09du:MRvbbYqYj7QCeXyKyK7G2SsuMGDlG
Signatures
- Blocklisted process makes network request (1 IoC)
  Processes:
  flow | pid | Process
  92 | 628 | rundll32.exe
- Loads dropped DLL (1 IoC)
  Processes:
  pid | Process
  628 | rundll32.exe
- Program crash (1 IoC)
  Processes:
  pid | pid_target | Process | procid_target
  3488 | 4976 | WerFault.exe | 17
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description | pid | Process | procid_target
  PID 4976 wrote to memory of 628 | 4976 | 0b6fd9f0eda46983a5df44c086e9f073.exe | 55
  PID 4976 wrote to memory of 628 | 4976 | 0b6fd9f0eda46983a5df44c086e9f073.exe | 55
  PID 4976 wrote to memory of 628 | 4976 | 0b6fd9f0eda46983a5df44c086e9f073.exe | 55
Processes
- [depth 1] C:\Users\Admin\AppData\Local\Temp\0b6fd9f0eda46983a5df44c086e9f073.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\0b6fd9f0eda46983a5df44c086e9f073.exe"
  - Suspicious use of WriteProcessMemory
  PID: 4976
  - [depth 2] C:\Windows\SysWOW64\rundll32.exe
    Command line: C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\0B6FD9~1.TMP,S C:\Users\Admin\AppData\Local\Temp\0B6FD9~1.EXE
    - Blocklisted process makes network request
    - Loads dropped DLL
    PID: 628
  - [depth 2] C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 492
    - Program crash
    PID: 3488
- [depth 1] C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4976 -ip 4976
  PID: 4768
Downloads
- Filesize: 12KB
  MD5: 41cb9e4d9a1126525a6ecd62435362a4
  SHA1: 22b380da6d27aca1d7665b10ce8d469d68d57b19
  SHA256: 778a6b29042ca4279b0b49ee6e128d586f567acfa003b9f144b276ceccdec3a4
  SHA512: 1807ce7d4e5e5ea6057b603f6a662f11bbc14a054644efccadd07744894ea2039a077faa3653a129e738ee5d6023805a3dc164558b740d49f27561ace92c4f1e
- Filesize: 28KB
  MD5: 9c4e443e2dba7f70ecccae301eae8767
  SHA1: a290ed23c9822b10e8a7ed76a4aa20208e2224bd
  SHA256: da41b5c51d7afff773ccd16bbbb80180bf4cd848260da0fc410ce948ac8b40a6
  SHA512: b81f98bf5064b68988e33d70e058ce751dc5503335714090b0f355be524b101add5fd03fff68eebbe6743f7e7f1128deffd40acee96c2c5279f936dc903da7d4