313c6327168e995d827db1f1a83093b159331b28395b41c90d7574c8ceace9c5

Analysis

max time kernel
119s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07-01-2024 13:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4929381989370725126a3783d64c90c0.exe
Size

3.5MB
MD5

4929381989370725126a3783d64c90c0
SHA1

027013509f2b7af24352fa63b681d4cd2126d5bd
SHA256

313c6327168e995d827db1f1a83093b159331b28395b41c90d7574c8ceace9c5
SHA512

68a9cc851a8bd67c10bfa46fe5fe3f652679e455d6a2a43fcd5083d09448c318bf453ca0be0d7917a0b1e5a5c2f92dc139ce6be12c46f03d7e080e1370ca6918
SSDEEP

49152:oNDz/YogfniXtXIMfX2wGBDDQ/XSHdX4MPXGg:oRztXtWHd

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2652	4929381989370725126a3783d64c90c0.exe

Executes dropped EXE 1 IoCs

pid	Process
2652	4929381989370725126a3783d64c90c0.exe

Loads dropped DLL 4 IoCs

pid	Process
2112	4929381989370725126a3783d64c90c0.exe
1508	WerFault.exe
1508	WerFault.exe
1508	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1508	2652	WerFault.exe	29

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2112	4929381989370725126a3783d64c90c0.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2652	4929381989370725126a3783d64c90c0.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2652	2112	4929381989370725126a3783d64c90c0.exe	29
PID 2112 wrote to memory of 2652	2112	4929381989370725126a3783d64c90c0.exe	29
PID 2112 wrote to memory of 2652	2112	4929381989370725126a3783d64c90c0.exe	29
PID 2112 wrote to memory of 2652	2112	4929381989370725126a3783d64c90c0.exe	29
PID 2652 wrote to memory of 1508	2652	4929381989370725126a3783d64c90c0.exe	30
PID 2652 wrote to memory of 1508	2652	4929381989370725126a3783d64c90c0.exe	30
PID 2652 wrote to memory of 1508	2652	4929381989370725126a3783d64c90c0.exe	30
PID 2652 wrote to memory of 1508	2652	4929381989370725126a3783d64c90c0.exe	30

C:\Users\Admin\AppData\Local\Temp\4929381989370725126a3783d64c90c0.exe
"C:\Users\Admin\AppData\Local\Temp\4929381989370725126a3783d64c90c0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Users\Admin\AppData\Local\Temp\4929381989370725126a3783d64c90c0.exe
  C:\Users\Admin\AppData\Local\Temp\4929381989370725126a3783d64c90c0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 144
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4929381989370725126a3783d64c90c0.exe

Filesize
893KB

MD5
ddf9b77c75c243a563ff18e15fca8d4b

SHA1
d0ba600d230c7253531003662e109f16284fe56a

SHA256
864d56ba4ce1601e92b4918c9122483e122ac15f6bc0f9f838073f13f1e16bcf

SHA512
f207d7e8c8cb608fab11ddc8e7e729bb1f24cda71f8b657eba257eb49946b05cef40b3d44a30022ca906623ebe548aac948ea37ed7584bf3d4867be87010aca1

Download Submit
\Users\Admin\AppData\Local\Temp\4929381989370725126a3783d64c90c0.exe

Filesize
92KB

MD5
12c426d235d8e78f2f5499efe7579e12

SHA1
88537838c7183cf19f51b8bd220acddd0fc5d8f6

SHA256
bb5bfc7660efc53150e557f9f6e10a97841c9da16bdcd2604f49032f33f258ca

SHA512
e507cc1603c3cc9cbe92ddd7ed52f8fb503cdd3c966bc2d2e1b485d569ddac9cbf177d8d873f9d7f3a2f4b6a41890cf3a9adcc733ae89b390203fef6c46c763e

Download Submit
\Users\Admin\AppData\Local\Temp\4929381989370725126a3783d64c90c0.exe

Filesize
704KB

MD5
8947ac735fc0e13197bd595428b5f209

SHA1
ff660dc607e6e159750d44e3bb09e2bcff58dcbf

SHA256
d627292d07285fefd04687df606fe4c0b621624d4f37dc49309e9d7741e11d0e

SHA512
d0b52fe110f0cb73e261dac2cf2899a6d5e3cab6aa0bbca87383dcb0e90a9d408372eef50e3e1711fa76f742bb45f9bb26d3e0a535caf32c8a795bb6c4180e31

Download Submit
memory/2112-0-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/2112-6-0x0000000002D30000-0x0000000002E15000-memory.dmp

Filesize
916KB

Download
memory/2112-8-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/2652-10-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/2652-11-0x0000000002D20000-0x0000000002E05000-memory.dmp

Filesize
916KB

Download