Overview

overview

7

Static

static

3

2d00e86dd3...47.exe

windows7-x64

1

2d00e86dd3...47.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    158s
  • max time network
    168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 07:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d00e86dd3fab27c9ec958226f47d847.exe

  • Size

    41KB

  • MD5

    2d00e86dd3fab27c9ec958226f47d847

  • SHA1

    6606dff65325bde35507102c0dff38a5cc06581d

  • SHA256

    6899b92f0bdd22b30e1e05d55284760d6c530d58ad92a431a1ffc5d56aed4704

  • SHA512

    51acdfefc8446749dd6df353771143f3cf1285a329ee1a148fdac555ee14e1b42c703b76d7fd117c5d0ea9c3dddaa9ff1811c6acd02439b01b06e0f56e40607d

  • SSDEEP

    768:WdowMT4KjhGDr10G9XzVbGzneub3u9CYfyaqtdRt:W+T48hGDRv1Gb3fYfy1t

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Program crash 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d00e86dd3fab27c9ec958226f47d847.exe
    "C:\Users\Admin\AppData\Local\Temp\2d00e86dd3fab27c9ec958226f47d847.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4756
    • C:\Windows\tmp.tmp.tmp1
      C:\Windows\tmp.tmp.tmp1
      2⤵
      • Executes dropped EXE
      PID:1528
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 492
        3⤵
        • Program crash
        PID:3620
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 496
      2⤵
      • Program crash
      PID:3844
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1528 -ip 1528
    1⤵
      PID:2880
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4756 -ip 4756
      1⤵
        PID:4864

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\tmp.tmp.tmp1
        Filesize

        13KB

        MD5

        240507bebbc472a1cf19a416bd64849f

        SHA1

        459bdafa03c591c4aa8e618ca32fa0d90c91b8a9

        SHA256

        714159802d61bd89ef9335a04944812628b3138f9705448bc805225f3c76f9c0

        SHA512

        19aa5edbbed229547bf10a2470b1328375c80a2189f28f956f33777254c2dc9b7b61e795861b99a26021857fb73b93aa164d61a9215d6952ad4d17809fed34bb

        Download Submit

      • memory/4756-0-0x0000000000400000-0x000000000040C000-memory.dmp

        Filesize

        48KB

        Download

      • memory/4756-9-0x0000000000400000-0x000000000040C000-memory.dmp

        Filesize

        48KB

        Download