Overview

overview

7

Static

static

3

102d5c258a...53.exe

windows7-x64

7

102d5c258a...53.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    157s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 05:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    102d5c258a7b6763c815e4a13289de53.exe

  • Size

    128KB

  • MD5

    102d5c258a7b6763c815e4a13289de53

  • SHA1

    a85763b133602186738eeddcf0f3dd88a84ae688

  • SHA256

    33f3761cdb7fbda4e8b4ebc4b8a3618725bf173573b58564d201b56982f15090

  • SHA512

    30472b8ae929ef709b27be7c05da71a22e30f147ca97baa86d28c5b078ddde5db2e30eb8394d0506925301cf21a98d226dd755c00018aa06fed8eb9428cc916b

  • SSDEEP

    1536:7wYIXpCk4C1tR6eCDM/y9EFW/fH1mYs4ofwrz2XmKvAtItaXqWtt:7NetDoEFW1IgfwmK4tU67tt

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\102d5c258a7b6763c815e4a13289de53.exe
    "C:\Users\Admin\AppData\Local\Temp\102d5c258a7b6763c815e4a13289de53.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Users\Admin\AppData\Local\Temp\102d5c258a7b6763c815e4a13289de53.exe
      C:\Users\Admin\AppData\Local\Temp\102d5c258a7b6763c815e4a13289de53.exe
      2⤵
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:1232
      • C:\Users\Admin\AppData\Roaming\taskhost.exe
        C:\Users\Admin\AppData\Roaming\taskhost.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:4644
        • C:\Users\Admin\AppData\Roaming\taskhost.exe
          C:\Users\Admin\AppData\Roaming\taskhost.exe
          4⤵
          • Executes dropped EXE
          PID:4664
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 256
          4⤵
          • Program crash
          PID:1104
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 256
      2⤵
      • Program crash
      PID:2496
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2512 -ip 2512
    1⤵
      PID:960
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4644 -ip 4644
      1⤵
        PID:1588

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Roaming\taskhost.exe
              Filesize

              128KB

              MD5

              c2cf1f5544045e9b17bd68bc0636c2a7

              SHA1

              6566abea1e2200f12572c54269b77cd65d649ef4

              SHA256

              776c7e9ebc6c60ca56c54e1ebfdb7183dcb590ce559dca1928cc64de82a14dfa

              SHA512

              f963da64b9800f42318ce3ec3d4bcdb92791908221917ac56e41145a2265543df85fbfd0ea476b7e0fdc74b3a7ddac83c3b2ae1b40a97b53d97f5cc986f87b89

              Download Submit

            • memory/1232-0-0x0000000000400000-0x000000000042A000-memory.dmp

              Filesize

              168KB

              Download

            • memory/1232-1-0x0000000000400000-0x000000000042A000-memory.dmp

              Filesize

              168KB

              Download

            • memory/1232-2-0x0000000000400000-0x000000000042A000-memory.dmp

              Filesize

              168KB

              Download

            • memory/1232-11-0x0000000000400000-0x000000000042A000-memory.dmp

              Filesize

              168KB

              Download

            • memory/4664-9-0x0000000000400000-0x000000000042A000-memory.dmp

              Filesize

              168KB

              Download

            • memory/4664-10-0x0000000000400000-0x000000000042A000-memory.dmp

              Filesize

              168KB

              Download

            • memory/4664-13-0x0000000000400000-0x000000000042A000-memory.dmp

              Filesize

              168KB

              Download

            • memory/4664-21-0x0000000000400000-0x000000000042A000-memory.dmp

              Filesize

              168KB

              Download