18f1878711ede4ba13c3931d4b6ff94fa94065c79adc579f438a5619fc8f9e7a

Analysis

max time kernel
7s
max time network
60s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 07:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52e35466236500a2a11bf7ab0de3bedc.exe
Size

3.4MB
MD5

52e35466236500a2a11bf7ab0de3bedc
SHA1

1a180d384d13527846cfb40bfa299a708c9d165d
SHA256

18f1878711ede4ba13c3931d4b6ff94fa94065c79adc579f438a5619fc8f9e7a
SHA512

8e8e076ef1ef68c7a8f725df71f8afbcdb8ef3a17be95c1afa4437ed7de8e7ebe07c34eb9317e8453077075aa8a458bb3bb9ec41936e564156870d78199d62c7
SSDEEP

98304:InVLDT9Axi4aTCubCbuzu95f515Cpo4qevgqWu:IV3TOxJatbhzg51ApNvg7

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8QxP2ve8B7kzg.exe	52e35466236500a2a11bf7ab0de3bedc.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2724	2236	WerFault.exe	103

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 4144	1892	52e35466236500a2a11bf7ab0de3bedc.exe	17
PID 1892 wrote to memory of 4144	1892	52e35466236500a2a11bf7ab0de3bedc.exe	17
PID 1892 wrote to memory of 4144	1892	52e35466236500a2a11bf7ab0de3bedc.exe	17

C:\Users\Admin\AppData\Local\Temp\52e35466236500a2a11bf7ab0de3bedc.exe
"C:\Users\Admin\AppData\Local\Temp\52e35466236500a2a11bf7ab0de3bedc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Users\Admin\AppData\Local\Temp\52e35466236500a2a11bf7ab0de3bedc.exe
  "C:\Users\Admin\AppData\Local\Temp\52e35466236500a2a11bf7ab0de3bedc.exe"
  2⤵
  - Drops startup file
  PID:4144
- - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8QxP2ve8B7kzg.exe
    "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8QxP2ve8B7kzg.exe" "C:\Users\Admin\AppData\Local\Temp\52e35466236500a2a11bf7ab0de3bedc.exe"
    3⤵
    PID:3284

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8QxP2ve8B7kzg.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8QxP2ve8B7kzg.exe" "C:\Users\Admin\AppData\Local\Temp\52e35466236500a2a11bf7ab0de3bedc.exe"
1⤵
PID:3304
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\SysWOW64\cmd.exe"
  2⤵
  PID:2236
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 1060
    3⤵
    - Program crash
    PID:2724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2236 -ip 2236
1⤵
PID:4400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1892-16-0x0000000000400000-0x00000000007FE000-memory.dmp

Filesize
4.0MB

Download
memory/1892-0-0x0000000000400000-0x00000000007FE000-memory.dmp

Filesize
4.0MB

Download
memory/2236-35-0x00000000090E0000-0x000000000915E000-memory.dmp

Filesize
504KB

Download
memory/2236-43-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download
memory/2236-48-0x0000000002550000-0x00000000025EE000-memory.dmp

Filesize
632KB

Download
memory/2236-37-0x00000000091C0000-0x000000000927D000-memory.dmp

Filesize
756KB

Download
memory/2236-52-0x0000000009AB0000-0x0000000009CBB000-memory.dmp

Filesize
2.0MB

Download
memory/2236-53-0x0000000009480000-0x0000000009814000-memory.dmp

Filesize
3.6MB

Download
memory/2236-47-0x0000000009480000-0x0000000009814000-memory.dmp

Filesize
3.6MB

Download
memory/2236-46-0x0000000009820000-0x00000000098C7000-memory.dmp

Filesize
668KB

Download
memory/2236-44-0x00000000091C0000-0x000000000927D000-memory.dmp

Filesize
756KB

Download
memory/2236-45-0x0000000009AB0000-0x0000000009CBB000-memory.dmp

Filesize
2.0MB

Download
memory/2236-29-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download
memory/2236-25-0x0000000002550000-0x00000000025EE000-memory.dmp

Filesize
632KB

Download
memory/2236-22-0x0000000002120000-0x00000000021B9000-memory.dmp

Filesize
612KB

Download
memory/2236-36-0x0000000009380000-0x000000000946A000-memory.dmp

Filesize
936KB

Download
memory/2236-42-0x0000000002550000-0x00000000025EE000-memory.dmp

Filesize
632KB

Download
memory/2236-30-0x00000000774A2000-0x00000000774A3000-memory.dmp

Filesize
4KB

Download
memory/2236-28-0x00000000774A2000-0x00000000774A3000-memory.dmp

Filesize
4KB

Download
memory/2236-32-0x0000000002550000-0x00000000025EE000-memory.dmp

Filesize
632KB

Download
memory/2236-33-0x0000000006D50000-0x0000000006D99000-memory.dmp

Filesize
292KB

Download
memory/2236-31-0x0000000002550000-0x00000000025EE000-memory.dmp

Filesize
632KB

Download
memory/2236-41-0x0000000009480000-0x0000000009814000-memory.dmp

Filesize
3.6MB

Download
memory/2236-34-0x0000000005450000-0x0000000005471000-memory.dmp

Filesize
132KB

Download
memory/2236-40-0x0000000009820000-0x00000000098C7000-memory.dmp

Filesize
668KB

Download
memory/2236-27-0x00000000774A2000-0x00000000774A3000-memory.dmp

Filesize
4KB

Download
memory/2236-39-0x0000000002550000-0x00000000025EE000-memory.dmp

Filesize
632KB

Download
memory/2236-38-0x0000000009AB0000-0x0000000009CBB000-memory.dmp

Filesize
2.0MB

Download
memory/3284-13-0x0000000000400000-0x00000000007FE000-memory.dmp

Filesize
4.0MB

Download
memory/3304-24-0x0000000002A50000-0x0000000002AEE000-memory.dmp

Filesize
632KB

Download
memory/3304-15-0x0000000000400000-0x00000000007FE000-memory.dmp

Filesize
4.0MB

Download
memory/3304-18-0x00000000774A2000-0x00000000774A3000-memory.dmp

Filesize
4KB

Download
memory/3304-19-0x00000000774A2000-0x00000000774A3000-memory.dmp

Filesize
4KB

Download
memory/3304-23-0x0000000000400000-0x00000000007FE000-memory.dmp

Filesize
4.0MB

Download
memory/3304-20-0x0000000000AC0000-0x0000000000AC1000-memory.dmp

Filesize
4KB

Download
memory/3304-21-0x00000000774A2000-0x00000000774A3000-memory.dmp

Filesize
4KB

Download
memory/3304-17-0x0000000002A50000-0x0000000002AEE000-memory.dmp

Filesize
632KB

Download
memory/4144-1-0x0000000000400000-0x00000000007FE000-memory.dmp

Filesize
4.0MB

Download
memory/4144-2-0x0000000000A50000-0x0000000000AEE000-memory.dmp

Filesize
632KB

Download
memory/4144-12-0x0000000000400000-0x00000000007FE000-memory.dmp

Filesize
4.0MB

Download
memory/4144-14-0x0000000000A50000-0x0000000000AEE000-memory.dmp

Filesize
632KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads