Overview

overview

7

Static

static

1

527c0a92f1...7a.exe

windows7-x64

7

527c0a92f1...7a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-01-2024 04:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    527c0a92f14411fd7cbb755d680eac7a.exe

  • Size

    754KB

  • MD5

    527c0a92f14411fd7cbb755d680eac7a

  • SHA1

    8df3dbe928757deee5a78b1859cc8c802ed01685

  • SHA256

    16a6b731a1ed644dfcf898bf8a42246266c12c4f29b75ef0af60e9e2a22f86a0

  • SHA512

    31d56df65f7c543f222728d2e3671d5d98cf063405c3f74b73ede70b0f80c53ed06d11e4134161283a5e6466c0b0c9d09f0c640e742e6c62bda11fc111afd35a

  • SSDEEP

    12288:7BhyRKF9Je6ouxOtgwl0VgcLD7cFM1MY1S1jeqcpfpu9ljNq3jbGNDmUAMNKoNNl:/oKF9JlCWTHDcFhY1SuUlNWjbqmUjNbB

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 3 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\527c0a92f14411fd7cbb755d680eac7a.exe
    "C:\Users\Admin\AppData\Local\Temp\527c0a92f14411fd7cbb755d680eac7a.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3968
    • C:\Users\Admin\AppData\Local\Temp\setup.exe
      C:\Users\Admin\AppData\Local\Temp\setup.exe relaunch
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1520
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 1524
        3⤵
        • Program crash
        PID:1808
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 784
        3⤵
        • Program crash
        PID:3948
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 1540
        3⤵
        • Program crash
        PID:1988
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1520 -ip 1520
    1⤵
      PID:2664
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1520 -ip 1520
      1⤵
        PID:4480
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1520 -ip 1520
        1⤵
          PID:2388

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1520-7-0x0000000000400000-0x000000000066D000-memory.dmp

          Filesize

          2.4MB

          Download

        • memory/1520-17-0x0000000000400000-0x000000000066D000-memory.dmp

          Filesize

          2.4MB

          Download

        • memory/3968-0-0x0000000000400000-0x000000000066D000-memory.dmp

          Filesize

          2.4MB

          Download

        • memory/3968-1-0x0000000000400000-0x000000000066D000-memory.dmp

          Filesize

          2.4MB

          Download

        • memory/3968-6-0x0000000000400000-0x000000000066D000-memory.dmp

          Filesize

          2.4MB

          Download