Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
30/12/2023, 12:58
General
-
Target
1940228162b5126395193072ce6e2168.exe
-
Size
158KB
-
MD5
1940228162b5126395193072ce6e2168
-
SHA1
74fdf3f84da08b54902ea94912a2cc2b202d888a
-
SHA256
0cebf46fcd36f705ebffd3e8edd56f9c82e6f52aea425509f5f1da0a7008691b
-
SHA512
09142b83138f4e73190ebca47f7e5eeab66c888dcf0d369ef1a8cb45992a11774d8d2ec55c1fe7e8f9b2ebb74faf9e2ed5bacc8fa52d70e1a627193c8206fc30
-
SSDEEP
3072:6X8Eb1Yj0ZsQnl+D9HiuFA95FkW3lhwyjenNpgMP4d4wBxveSaoSoYlcEmfQYVRP:6XXuj09nl+D9HiuFA95FkW3lhwyjenNw
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file 1 TTPs 3 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in Program Files directory 8 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1940228162b5126395193072ce6e2168.exe"C:\Users\Admin\AppData\Local\Temp\1940228162b5126395193072ce6e2168.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 3162⤵
- Program crash
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
96KB