b23cb04afe59fee16c95ef5d24a67cb493d4ea88b62f6996e54493548acad6c2

Submit
Reports

Overview

overview

Static

static

samples3.zip

windows7-x64

samples3.zip

windows10-2004-x64

05cf6eee9b...b3.exe

windows7-x64

05cf6eee9b...b3.exe

windows10-2004-x64

0d332c0478...a7.exe

windows7-x64

0d332c0478...a7.exe

windows10-2004-x64

0fd8500fde...1e.exe

windows7-x64

0fd8500fde...1e.exe

windows10-2004-x64

11edf9436a...ed.pdf

windows7-x64

11edf9436a...ed.pdf

windows10-2004-x64

19a640415b...5c.exe

windows7-x64

19a640415b...5c.exe

windows10-2004-x64

33aa57b04b...cb.exe

windows7-x64

33aa57b04b...cb.exe

windows10-2004-x64

3643464a22...19.exe

windows7-x64

3643464a22...19.exe

windows10-2004-x64

37e2f97755...26.exe

windows7-x64

37e2f97755...26.exe

windows10-2004-x64

54cd11236f...ff.exe

windows7-x64

54cd11236f...ff.exe

windows10-2004-x64

55bc661ad4...8c.exe

windows7-x64

55bc661ad4...8c.exe

windows10-2004-x64

603d665f09...68.exe

windows7-x64

603d665f09...68.exe

windows10-2004-x64

6ea27a0861...7e.exe

windows7-x64

6ea27a0861...7e.exe

windows10-2004-x64

73af283fcb...0c.exe

windows7-x64

73af283fcb...0c.exe

windows10-2004-x64

7e41197b74...67.exe

windows7-x64

7e41197b74...67.exe

windows10-2004-x64

a878fed055...99.exe

windows7-x64

a878fed055...99.exe

windows10-2004-x64

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2024 15:27

Sharing

Copy URL

Twitter E-mail

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

samples3.zip

Resource

win7-20231129-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

samples3.zip

Resource

win10v2004-20231215-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

05cf6eee9b0b2c049cec8ce775de0636ade55f23a51dc833170f09445719abb3.exe

Resource

win7-20231129-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

05cf6eee9b0b2c049cec8ce775de0636ade55f23a51dc833170f09445719abb3.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

0d332c04780976b3cf6d505b5d7060c2f40399f581a8629885ad086e967f68a7.exe

Resource

win7-20231215-en

persistence ransomware spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral6

Sample

0d332c04780976b3cf6d505b5d7060c2f40399f581a8629885ad086e967f68a7.exe

Resource

win10v2004-20231215-en

persistence ransomware spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Behavioral task

behavioral7

Sample

0fd8500fdef116abae01a1dcfed2db9784bbcb753488710aa1048f2aa0fd111e.exe

Resource

win7-20231215-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

0fd8500fdef116abae01a1dcfed2db9784bbcb753488710aa1048f2aa0fd111e.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

11edf9436a9205c88c2a815cf6ebfb0a7a42eb150a2649766b3bb30350ee35ed.pdf

Resource

win7-20231215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral10

Sample

11edf9436a9205c88c2a815cf6ebfb0a7a42eb150a2649766b3bb30350ee35ed.pdf

Resource

win10v2004-20231222-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral11

Sample

19a640415bb2bbc2f2624c204f6c5771b908b6c54b88976eb0daa76a29af255c.exe

Resource

win7-20231215-en

phobos evasion persistence ransomware spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral12

Sample

19a640415bb2bbc2f2624c204f6c5771b908b6c54b88976eb0daa76a29af255c.exe

Resource

win10v2004-20231215-en

phobos evasion persistence ransomware spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Behavioral task

behavioral13

Sample

33aa57b04bbdcf9617ed334dda4aee9502be652771899c75937f0e1223c7e2cb.exe

Resource

win7-20231215-en

persistence

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral14

Sample

33aa57b04bbdcf9617ed334dda4aee9502be652771899c75937f0e1223c7e2cb.exe

Resource

win10v2004-20231215-en

persistence

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral15

Sample

3643464a225aa2ad5c9c9657d4fd05b943fdd9c04ca36b9d3610a04332909d19.exe

Resource

win7-20231215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral16

Sample

3643464a225aa2ad5c9c9657d4fd05b943fdd9c04ca36b9d3610a04332909d19.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral17

Sample

37e2f977559a58cb33f7128ad7699a5c4f7c0013d8d83b1eda93a59ae35ba526.exe

Resource

win7-20231129-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

37e2f977559a58cb33f7128ad7699a5c4f7c0013d8d83b1eda93a59ae35ba526.exe

Resource

win10v2004-20231222-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff.exe

Resource

win7-20231215-en

bootkit persistence

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral20

Sample

54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff.exe

Resource

win10v2004-20231215-en

bootkit persistence

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral21

Sample

55bc661ad4439400fc434fd6bab66f598c7272854f0453b451e31b84265eff8c.exe

Resource

win7-20231215-en

ransomware spyware stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral22

Sample

55bc661ad4439400fc434fd6bab66f598c7272854f0453b451e31b84265eff8c.exe

Resource

win10v2004-20231215-en

spyware stealer

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral23

Sample

603d665f09a9a199a4b5b9f8d1841a07ae9c525f275fc54c7cb15953d73ff568.exe

Resource

win7-20231129-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral24

Sample

603d665f09a9a199a4b5b9f8d1841a07ae9c525f275fc54c7cb15953d73ff568.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral25

Sample

6ea27a08617ed35f8340fcc9eda5ccd7316eed9b192e3a7efd4cd5e1b8a4fc7e.exe

Resource

win7-20231129-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral26

Sample

6ea27a08617ed35f8340fcc9eda5ccd7316eed9b192e3a7efd4cd5e1b8a4fc7e.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral27

Sample

73af283fcb06a9ea35ea6ad24b62b302459594f4b09dbba2d74001bf90ab020c.exe

Resource

win7-20231215-en

evasion

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral28

Sample

73af283fcb06a9ea35ea6ad24b62b302459594f4b09dbba2d74001bf90ab020c.exe

Resource

win10v2004-20231215-en

evasion

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral29

Sample

7e41197b74e2dcc6c0563d4b71a4ad16293909889ce4f1c5ab214bdd59088667.exe

Resource

win7-20231215-en

ransomware spyware stealer

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral30

Sample

7e41197b74e2dcc6c0563d4b71a4ad16293909889ce4f1c5ab214bdd59088667.exe

Resource

win10v2004-20231222-en

ransomware spyware stealer

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral31

Sample

a878fed05519b4e0898e26a79cc646c0bb7b9e380c94f06baecc750f0ab97b99.exe

Resource

win7-20231215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral32

Sample

a878fed05519b4e0898e26a79cc646c0bb7b9e380c94f06baecc750f0ab97b99.exe

Resource

win10v2004-20231222-en

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

a878fed05519b4e0898e26a79cc646c0bb7b9e380c94f06baecc750f0ab97b99.exe
Size

185KB
MD5

f1dd63587760176e8a57c378ed2113c1
SHA1

21ad96148b4f65bad4d7f28fb422a112c19e9b18
SHA256

a878fed05519b4e0898e26a79cc646c0bb7b9e380c94f06baecc750f0ab97b99
SHA512

9bbafa10779f2d1eb210254d48f2df62cc40fa6445b7a1a6b2d24a485e036098025c0d8cd39524b7fb496f53e31b49f3c0783cf0718e65c99e42685e9379b6ad
SSDEEP

3072:lVnUZh5lgIS4YU3KEvOnEVV5KbHyM+lmsolAIrRuw+mqv9j1MWLQLmbY:lVU35lvS4YiWnEVV0bR+lDAAVb

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

5088 4180 WerFault.exe a878fed05519b4e0898e26a79cc646c0bb7b9e380c94f06baecc750f0ab97b99.exe

pid	pid_target	process	target process
5088	4180	WerFault.exe	a878fed05519b4e0898e26a79cc646c0bb7b9e380c94f06baecc750f0ab97b99.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a878fed05519b4e0898e26a79cc646c0bb7b9e380c94f06baecc750f0ab97b99.exe
"C:\Users\Admin\AppData\Local\Temp\a878fed05519b4e0898e26a79cc646c0bb7b9e380c94f06baecc750f0ab97b99.exe"
1⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 772
2⤵
- Program crash
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4180 -ip 4180
1⤵
PID:4668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4180-1-0x0000000074B50000-0x0000000075300000-memory.dmp

Filesize
7.7MB

Download
memory/4180-0-0x00000000007D0000-0x0000000000804000-memory.dmp

Filesize
208KB

Download
memory/4180-2-0x0000000074B50000-0x0000000075300000-memory.dmp

Filesize
7.7MB

Download