Overview

overview

7

Static

static

3

11d5306c2e...89.exe

windows7-x64

7

11d5306c2e...89.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    2s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 07:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    11d5306c2e7e16999729fe5d3d8a9a89.exe

  • Size

    646KB

  • MD5

    11d5306c2e7e16999729fe5d3d8a9a89

  • SHA1

    bb83f767dbeed8ef8908bd1f450ec24167baff1b

  • SHA256

    a9b7e5db9d04f9067a6da5eba36bbdb3ce31476ec756d98d6bfd021788135c48

  • SHA512

    6dcf231e7f548038a7618431a43e57f4064e21c7312f8f52f88ba11b109059e1bf3031af643785ef7142aee20889fe782bd33507a96cd9317626b0eeb94a7ea5

  • SSDEEP

    12288:VGyhWez95yDNKXAQimWoSdQatinTl1RF3Z4mxxe8bRE/:V3n9QQimWo1atyRQmXev/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 12 IoCs
  • Drops file in Windows directory 4 IoCs
  • Program crash 2 IoCs
  • Modifies data under HKEY_USERS 62 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\11d5306c2e7e16999729fe5d3d8a9a89.exe
    "C:\Users\Admin\AppData\Local\Temp\11d5306c2e7e16999729fe5d3d8a9a89.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:5088
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 324
      2⤵
      • Program crash
      PID:4640
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\RAV2007.BAT
      2⤵
        PID:1324
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 5088 -ip 5088
      1⤵
        PID:4588
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 324
        1⤵
        • Program crash
        PID:1308
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4324 -ip 4324
        1⤵
          PID:4924
        • C:\Windows\SKCHOST.exe
          C:\Windows\SKCHOST.exe
          1⤵
          • Executes dropped EXE
          • Drops file in Windows directory
          • Modifies data under HKEY_USERS
          • Suspicious use of WriteProcessMemory
          PID:4324
          • C:\Program Files\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files\Internet Explorer\IEXPLORE.EXE" about:blank
            2⤵
            • Drops file in System32 directory
            • Modifies data under HKEY_USERS
            PID:3260
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3260 CREDAT:17410 /prefetch:2
          1⤵
            PID:684
            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=3d002c
              2⤵
                PID:3644
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=3d002c
                  3⤵
                    PID:2272
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,11176362984829596853,9843059595330640907,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2376 /prefetch:8
                      4⤵
                        PID:2436
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11176362984829596853,9843059595330640907,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
                        4⤵
                          PID:920
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11176362984829596853,9843059595330640907,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
                          4⤵
                            PID:532
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11176362984829596853,9843059595330640907,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
                            4⤵
                              PID:2364
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11176362984829596853,9843059595330640907,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2820 /prefetch:1
                              4⤵
                                PID:5012
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11176362984829596853,9843059595330640907,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
                                4⤵
                                  PID:1636
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11176362984829596853,9843059595330640907,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
                                  4⤵
                                    PID:4924
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11176362984829596853,9843059595330640907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
                                    4⤵
                                      PID:1256
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,11176362984829596853,9843059595330640907,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
                                      4⤵
                                        PID:1468
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,11176362984829596853,9843059595330640907,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
                                        4⤵
                                          PID:3800
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                                          4⤵
                                            PID:5224
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe4,0xf8,0xec,0x100,0xe0,0x7ff762f65460,0x7ff762f65470,0x7ff762f65480
                                              5⤵
                                                PID:5248
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,11176362984829596853,9843059595330640907,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
                                              4⤵
                                                PID:5216
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe25e346f8,0x7ffe25e34708,0x7ffe25e34718
                                          1⤵
                                            PID:1056
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:3932
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:3728

                                              Network

                                                    MITRE ATT&CK Matrix

                                                    Replay Monitor

                                                    Loading Replay Monitor...

                                                    Downloads

                                                    • memory/4324-356-0x0000000002400000-0x000000000249E000-memory.dmp

                                                      Filesize

                                                      632KB

                                                      Download

                                                    • memory/4324-381-0x0000000002400000-0x000000000249E000-memory.dmp

                                                      Filesize

                                                      632KB

                                                      Download

                                                    • memory/4324-380-0x0000000000400000-0x0000000000552000-memory.dmp

                                                      Filesize

                                                      1.3MB

                                                      Download

                                                    • memory/5088-0-0x0000000000400000-0x0000000000552000-memory.dmp

                                                      Filesize

                                                      1.3MB

                                                      Download

                                                    • memory/5088-2-0x0000000002380000-0x0000000002381000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-12-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-20-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-26-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-31-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-32-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-50-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-58-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-64-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-63-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-62-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-61-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-60-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-59-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-57-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-56-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-55-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-54-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-53-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-52-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-51-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-49-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-48-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-47-0x0000000002500000-0x0000000002501000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-46-0x00000000024A0000-0x00000000024A1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-45-0x00000000024B0000-0x00000000024B1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-44-0x00000000024D0000-0x00000000024D1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-43-0x00000000024F0000-0x00000000024F1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-42-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-41-0x0000000002410000-0x0000000002411000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-40-0x0000000002480000-0x0000000002481000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-39-0x0000000002450000-0x0000000002451000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-116-0x0000000000400000-0x0000000000552000-memory.dmp

                                                      Filesize

                                                      1.3MB

                                                      Download

                                                    • memory/5088-38-0x0000000002460000-0x0000000002461000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-37-0x00000000023F0000-0x00000000023F1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-36-0x0000000002400000-0x0000000002401000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-35-0x0000000002470000-0x0000000002471000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-34-0x0000000002420000-0x0000000002421000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-33-0x0000000002440000-0x0000000002441000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-30-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-29-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-28-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-27-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-25-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-24-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-23-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-22-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-21-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-19-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-18-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-17-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-16-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-15-0x00000000023D0000-0x00000000023D1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-14-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-13-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-11-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-10-0x00000000033D0000-0x00000000034D0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                      Download

                                                    • memory/5088-9-0x00000000023A0000-0x00000000023A1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-8-0x00000000023B0000-0x00000000023B1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-7-0x0000000002330000-0x0000000002331000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-6-0x0000000002340000-0x0000000002341000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-4-0x00000000023C0000-0x00000000023C1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-3-0x0000000002360000-0x0000000002361000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/5088-1-0x0000000000810000-0x0000000000864000-memory.dmp

                                                      Filesize

                                                      336KB

                                                      Download