7910afb3bbcb3bee0463b099032788942f837b7b3dc8c92ef6623db0f213488a

Analysis

max time kernel
2s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 11:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3cb8590c7b77611ff486ea54d9326044.exe
Size

10KB
MD5

3cb8590c7b77611ff486ea54d9326044
SHA1

60796d20dd43ba739f0fc7e532709401ed412e15
SHA256

7910afb3bbcb3bee0463b099032788942f837b7b3dc8c92ef6623db0f213488a
SHA512

e2ccbb3ed7f149c16cdad2e640e1bba170244b2a98618db3ab4b29ef46165c388f342f982bbb99ff8b72ea138b2e71c56c2cf87912fe592e55f70cabf67c73e0
SSDEEP

192:kGXmfPWOjVY8Zq70V5neld/B9cuYykCYypsWIKiI4ma7cybYYKJ49oo:B8PWORYaUd/oAkCXps5KZ4f7cy/KJ49o

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\3cb8590c7b77611ff486ea54d9326044 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3cb8590c7b77611ff486ea54d9326044.exe"	3cb8590c7b77611ff486ea54d9326044.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4312	3784	WerFault.exe	12

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3784	3cb8590c7b77611ff486ea54d9326044.exe
3784	3cb8590c7b77611ff486ea54d9326044.exe
3784	3cb8590c7b77611ff486ea54d9326044.exe

C:\Users\Admin\AppData\Local\Temp\3cb8590c7b77611ff486ea54d9326044.exe
"C:\Users\Admin\AppData\Local\Temp\3cb8590c7b77611ff486ea54d9326044.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
PID:3784
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 2312
  2⤵
  - Program crash
  PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3784 -ip 3784
1⤵
PID:4788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3784-0-0x0000000000400000-0x0000000000408150-memory.dmp

Filesize
32KB

Download
memory/3784-1-0x0000000000400000-0x0000000000408150-memory.dmp

Filesize
32KB

Download
memory/3784-4-0x0000000000400000-0x0000000000408150-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads