514955742584b4b75e5c21274ed9b8f44baac47f1eac8939b35928ecff930710

Analysis

max time kernel
200s
max time network
214s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2024 19:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3db2660d7cffcb682ce00e0bde927517.exe
Size

860KB
MD5

3db2660d7cffcb682ce00e0bde927517
SHA1

91c05b98597758c8f37c84f0addb074457ebee34
SHA256

514955742584b4b75e5c21274ed9b8f44baac47f1eac8939b35928ecff930710
SHA512

850f0f33032f16a090e09249a0671756ab341493a9e220587b5cf9b9d1f697e187c0bea49dd7f2a4c53c6deda8618674b48da5ebe6e7c1b7addfced99b6490c0
SSDEEP

12288:720LBewQKm0Ih+F2k2dVEqoGO2p4W/pSbhrwzrW90ivPG1AnvBMhxKy3C5imMdM3:7xBeCLIE+PoGO26cEmy0ivOa5aC0mAw

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5060	2372	WerFault.exe	87

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2372	3db2660d7cffcb682ce00e0bde927517.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 3132	2372	3db2660d7cffcb682ce00e0bde927517.exe	92
PID 2372 wrote to memory of 3132	2372	3db2660d7cffcb682ce00e0bde927517.exe	92
PID 2372 wrote to memory of 3132	2372	3db2660d7cffcb682ce00e0bde927517.exe	92

C:\Users\Admin\AppData\Local\Temp\3db2660d7cffcb682ce00e0bde927517.exe
"C:\Users\Admin\AppData\Local\Temp\3db2660d7cffcb682ce00e0bde927517.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Users\Admin\AppData\Local\Temp\3db2660d7cffcb682ce00e0bde927517.exe
  2⤵
  PID:3132
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 480
  2⤵
  - Program crash
  PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 2372 -ip 2372
1⤵
PID:4040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2372-0-0x0000000005630000-0x0000000005640000-memory.dmp

Filesize
64KB

Download
memory/2372-1-0x0000000005650000-0x0000000005660000-memory.dmp

Filesize
64KB

Download
memory/2372-2-0x0000000005670000-0x0000000005680000-memory.dmp

Filesize
64KB

Download
memory/2372-3-0x0000000005680000-0x0000000005690000-memory.dmp

Filesize
64KB

Download
memory/2372-4-0x0000000005690000-0x00000000056A0000-memory.dmp

Filesize
64KB

Download
memory/2372-5-0x00000000056A0000-0x00000000056B0000-memory.dmp

Filesize
64KB

Download
memory/2372-6-0x00000000056B0000-0x00000000056C0000-memory.dmp

Filesize
64KB

Download
memory/2372-7-0x00000000056C0000-0x00000000056D0000-memory.dmp

Filesize
64KB

Download
memory/2372-8-0x00000000056D0000-0x00000000056E0000-memory.dmp

Filesize
64KB

Download
memory/2372-9-0x0000000005F30000-0x0000000005F40000-memory.dmp

Filesize
64KB

Download
memory/2372-10-0x0000000005F40000-0x0000000005F50000-memory.dmp

Filesize
64KB

Download
memory/2372-11-0x0000000005F50000-0x0000000005F60000-memory.dmp

Filesize
64KB

Download
memory/2372-12-0x0000000005F60000-0x0000000005F70000-memory.dmp

Filesize
64KB

Download
memory/2372-13-0x0000000005F70000-0x0000000005F80000-memory.dmp

Filesize
64KB

Download
memory/2372-14-0x0000000005F90000-0x0000000005FA0000-memory.dmp

Filesize
64KB

Download
memory/2372-15-0x0000000005FA0000-0x0000000005FB0000-memory.dmp

Filesize
64KB

Download
memory/2372-16-0x0000000005FB0000-0x0000000005FC0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads