147abebe9bcdb43d30484c168fa608862ffbb2dda488b5af5ecffa0e0d9d96dd

Analysis

max time kernel
138s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2024 23:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47691e87a699b5193af6f01cfb24748d.exe
Size

467KB
MD5

47691e87a699b5193af6f01cfb24748d
SHA1

c66480115b73d9343fe210a0edf429ad3412fd1e
SHA256

147abebe9bcdb43d30484c168fa608862ffbb2dda488b5af5ecffa0e0d9d96dd
SHA512

bab3c2281782057d0897cdb9bf20071c51be6862a9cad2531e21603d3b88d284abd10af5cc8983b9634340850c99a47b2372dfca157bb288dfc579c1e8dc9c56
SSDEEP

6144:uI2aAWjtk0+Unzvprya5O05XCw1Xg4/a89YiqrtLgbgbOg4qAVyayPNyeSPK/WU7:8alq0lzpuazXpraDfKjmMo

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\47691e87a699b5193af6f01cfb24748d.lnk	47691e87a699b5193af6f01cfb24748d.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1348	4784	WerFault.exe	89
724	4784	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4784 wrote to memory of 1348	4784	47691e87a699b5193af6f01cfb24748d.exe	96
PID 4784 wrote to memory of 1348	4784	47691e87a699b5193af6f01cfb24748d.exe	96
PID 4784 wrote to memory of 1348	4784	47691e87a699b5193af6f01cfb24748d.exe	96

C:\Users\Admin\AppData\Local\Temp\47691e87a699b5193af6f01cfb24748d.exe
"C:\Users\Admin\AppData\Local\Temp\47691e87a699b5193af6f01cfb24748d.exe"
1⤵
- Drops startup file
- Suspicious use of WriteProcessMemory
PID:4784
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 940
  2⤵
  - Program crash
  PID:1348
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 940
  2⤵
  - Program crash
  PID:724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4784 -ip 4784
1⤵
PID:4136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4784-0-0x0000000000D50000-0x0000000000D52000-memory.dmp

Filesize
8KB

Download
memory/4784-1-0x0000000000D60000-0x0000000000D61000-memory.dmp

Filesize
4KB

Download
memory/4784-2-0x00000000014E0000-0x00000000014E1000-memory.dmp

Filesize
4KB

Download
memory/4784-3-0x0000000001500000-0x0000000001501000-memory.dmp

Filesize
4KB

Download
memory/4784-4-0x0000000001510000-0x0000000001511000-memory.dmp

Filesize
4KB

Download
memory/4784-5-0x0000000001530000-0x0000000001531000-memory.dmp

Filesize
4KB

Download
memory/4784-6-0x0000000001540000-0x0000000001541000-memory.dmp

Filesize
4KB

Download
memory/4784-8-0x00000000039F0000-0x00000000039F1000-memory.dmp

Filesize
4KB

Download
memory/4784-7-0x00000000039E0000-0x00000000039E1000-memory.dmp

Filesize
4KB

Download
memory/4784-9-0x0000000003A00000-0x0000000003A01000-memory.dmp

Filesize
4KB

Download
memory/4784-11-0x0000000003A20000-0x0000000003A21000-memory.dmp

Filesize
4KB

Download
memory/4784-10-0x0000000003A10000-0x0000000003A11000-memory.dmp

Filesize
4KB

Download
memory/4784-12-0x0000000003A30000-0x0000000003A31000-memory.dmp

Filesize
4KB

Download
memory/4784-13-0x0000000003A90000-0x0000000003A91000-memory.dmp

Filesize
4KB

Download
memory/4784-15-0x0000000003AB0000-0x0000000003AB1000-memory.dmp

Filesize
4KB

Download
memory/4784-14-0x0000000001550000-0x0000000001552000-memory.dmp

Filesize
8KB

Download
memory/4784-16-0x0000000003AC0000-0x0000000003AC1000-memory.dmp

Filesize
4KB

Download
memory/4784-17-0x0000000003AD0000-0x0000000003AD1000-memory.dmp

Filesize
4KB

Download
memory/4784-18-0x0000000003AE0000-0x0000000003AE1000-memory.dmp

Filesize
4KB

Download
memory/4784-19-0x0000000003B00000-0x0000000003B01000-memory.dmp

Filesize
4KB

Download
memory/4784-20-0x0000000003A40000-0x0000000003A41000-memory.dmp

Filesize
4KB

Download
memory/4784-21-0x0000000003A50000-0x0000000003A51000-memory.dmp

Filesize
4KB

Download
memory/4784-22-0x0000000003AA0000-0x0000000003AA1000-memory.dmp

Filesize
4KB

Download
memory/4784-23-0x0000000003AF0000-0x0000000003AF1000-memory.dmp

Filesize
4KB

Download
memory/4784-24-0x0000000003B10000-0x0000000003B11000-memory.dmp

Filesize
4KB

Download
memory/4784-26-0x0000000003A60000-0x0000000003A86000-memory.dmp

Filesize
152KB

Download
memory/4784-25-0x0000000003B20000-0x0000000003B21000-memory.dmp

Filesize
4KB

Download
memory/4784-27-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/4784-31-0x0000000003B40000-0x0000000003B41000-memory.dmp

Filesize
4KB

Download
memory/4784-39-0x0000000003B70000-0x0000000003B71000-memory.dmp

Filesize
4KB

Download
memory/4784-38-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download