Overview

overview

7

Static

static

3

23ea20fb1a...2e.exe

windows7-x64

7

23ea20fb1a...2e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    116s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 02:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    23ea20fb1a031015b134b4c69e6d772e.exe

  • Size

    1.5MB

  • MD5

    23ea20fb1a031015b134b4c69e6d772e

  • SHA1

    474b0bf20ddb80ee7966c83ddb60d2f63bd503ac

  • SHA256

    8563c8a2b17aa37ca8739f005d109fd532cd6f56e25f6d216fbfe3c497eb5a22

  • SHA512

    fccef94ca33b2a37b4bd163203bcb5fac179c11ce2ff12e7123b2adb3768fadb8fbdabe06c92502521e70c811d38592dceade405baa435658cbb6e922554027d

  • SSDEEP

    24576:XkGQp66snFPOOAr4cHX10m0NTzSOqb6u/Yd72ftPLCQmO5F8SSm8uYVdEbK:XkJspwZHXWm0NT7g6rdyftTCQmOvxYCK

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\23ea20fb1a031015b134b4c69e6d772e.exe
    "C:\Users\Admin\AppData\Local\Temp\23ea20fb1a031015b134b4c69e6d772e.exe"
    1⤵
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3516
    • C:\Users\Admin\AppData\Local\Temp\23ea20fb1a031015b134b4c69e6d772e.exe
      "C:\Users\Admin\AppData\Local\Temp\23ea20fb1a031015b134b4c69e6d772e.exe" Track="0001001000"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:4388
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 2012
        3⤵
        • Program crash
        PID:5084
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 2060
        3⤵
        • Program crash
        PID:4352
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4388 -ip 4388
    1⤵
      PID:4348
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4388 -ip 4388
      1⤵
        PID:2588

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/3516-0-0x0000000000400000-0x0000000000582000-memory.dmp

              Filesize

              1.5MB

              Download

            • memory/4388-1-0x0000000000400000-0x00000000004EA000-memory.dmp

              Filesize

              936KB

              Download

            • memory/4388-2-0x0000000000400000-0x00000000004EA000-memory.dmp

              Filesize

              936KB

              Download

            • memory/4388-3-0x0000000000400000-0x00000000004EA000-memory.dmp

              Filesize

              936KB

              Download

            • memory/4388-4-0x0000000000400000-0x00000000004EA000-memory.dmp

              Filesize

              936KB

              Download

            • memory/4388-5-0x0000000000400000-0x00000000004EA000-memory.dmp

              Filesize

              936KB

              Download

            • memory/4388-6-0x0000000000400000-0x00000000004EA000-memory.dmp

              Filesize

              936KB

              Download

            • memory/4388-7-0x0000000000400000-0x00000000004EA000-memory.dmp

              Filesize

              936KB

              Download

            • memory/4388-8-0x0000000000400000-0x00000000004EA000-memory.dmp

              Filesize

              936KB

              Download