bc9c416ce788138b88ab4775947237151455d5ad0ba063809f8c8f825dda6db9

Analysis

max time kernel
66s
max time network
72s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/01/2024, 15:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

reWASD700-8447.exe
Size

50.6MB
MD5

1fe2497c00c2f0cf8e83d66ffc6cfa98
SHA1

290cbe2892da61e6ded1233b3b233f4d5a8ef952
SHA256

bc9c416ce788138b88ab4775947237151455d5ad0ba063809f8c8f825dda6db9
SHA512

77c3ec18f02e7d87ad3dda68b7135ee8dfe0031754297d72d3c694f2a2b547a85ec25f4a9cf53de33544a2941970ccee55d99ef4820dc045dc6730249e2b8ede
SSDEEP

1572864:lLxiua7+EGu5gxFs+yGKmaIDIv5EN2wKZE:lq7iMgxFry/C5ZqE

Score

4^/10

Malware Config

Signatures

Loads dropped DLL 30 IoCs

pid	Process
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe
2896	reWASD700-8447.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
364	2896	WerFault.exe	87
3892	2896	WerFault.exe	87

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2896	reWASD700-8447.exe

C:\Users\Admin\AppData\Local\Temp\reWASD700-8447.exe
"C:\Users\Admin\AppData\Local\Temp\reWASD700-8447.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2896
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 1804
  2⤵
  - Program crash
  PID:364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 1784
  2⤵
  - Program crash
  PID:3892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2896 -ip 2896
1⤵
PID:2208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2896 -ip 2896
1⤵
PID:4548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\7z.dll

Filesize
57KB

MD5
559530b8e4186fcaa77d53e1614ce42c

SHA1
b931d8684aa2f99ead896db4b83b6ee28a8d2846

SHA256
aa5db30168571f1c1ef9650c9afb6d9307a5ba3e0cac314053af44b64c36f2ea

SHA512
69f8109d0d85dc9df5b0415ab9ab2aa9df1a38ebd3c5f64b78661b047a28151f340961d9785ec6d8c6cf1185ff7538c92e0272e07beed12b0006fe5c7ff15855

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\7z.dll

Filesize
155KB

MD5
ad71a5e3a757aef0329aeda567f25a00

SHA1
97c766d85c9dabfcabd5a983fe165506d227a8ac

SHA256
f6b9ae6eaaedc55db0e381ec153892c122f1f257ada80cf242a20be8a2f117ef

SHA512
6852496fb8f59bea3ae46efd507d654ae27306d9f4f2f0dc0db8b03f9f63a3712e075b12f0ebdf6ea88db081fca4dd29be1555584aa70386ccb8297beef886ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\CHS.dll

Filesize
83KB

MD5
bf591f4d366c6c27862373dfe1ed9c8a

SHA1
907037948f7708bbfda0d91725801ee80dfdafb0

SHA256
cdb1fcb52d718427246a79e810e59914386bddef399a7713405681fcb33ddb31

SHA512
f336edc46c231d5cd3ea9959fec3db42886e5fa7b066564ee0b996a4e7be62e832149ca9b59086e8f00219defbe150a94e0d32f018fb10cd4e2b2dbddce42177

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\CHT.dll

Filesize
84KB

MD5
178f9e57ca31a09c18a5983c9ddbc3a2

SHA1
0ed1366fdf7ad9a01cbf5eeb9239c7f805d77e73

SHA256
71e77957c236171222f7a5ddc1ae3381141ad617a17798737a0c0e5b5bb38d58

SHA512
4cb9623e60807789ea0f1fef773d8fa02e268aeefe90a14d4e8fe1e44be7f1742fb54226e68eff921783c6f4f09ab850ed0ebe202eac80b97d85aec63d188b7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\DEU.dll

Filesize
206KB

MD5
4cbd547904dbb9e6cca6931cf58c8c1e

SHA1
d166fb044063f34ffcca83a2f3b40fd29626b3f9

SHA256
24a8b7347a7ad2118bd7368e1f1fdec0148f5128f1c3741ff80b56b1c0ff3fe7

SHA512
e03e4454cfaf38a20a7c4e58a4fa951f49c1bba7871f565c9be57daca5032ea1aee6e2fe4679f8ace2f1b167bca0e625af774e49747dc860ac15630e712d4599

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\ENU.dll

Filesize
171KB

MD5
79654940dd2606fb404152697446ffa9

SHA1
f9091154bfca73b2ff9bf5905f943924797b24d4

SHA256
7a71e4067f7dba33f040a7d9697e57f5d40806a6bacc7256aff1175261f5181c

SHA512
ff81db1a5a7b017b21f73e23f75a3dd860a0dc637d10f7cf23fb6ee02d35594517a0e01b0393104e0ef65f69f3e736c0d0d4529646d2441d60263dd1ce589def

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\ESN.dll

Filesize
199KB

MD5
ba9dadbf5d2408b15c673c0db76dedb3

SHA1
acd61dc7aedc9131fda2046a1cecf455500f1ff4

SHA256
d4767ae746392c47750ff3270dae18563d38e0fbedf7d6ef0c875d094da91552

SHA512
0ff54173657df32080f50b08144d9eec42e31ac5e83020b3a760ab90773ddecb19a184c13b9ec9828bb2879070dd17cc9ba1f61358bcdda9bfa0ad8757b550ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\FRA.dll

Filesize
92KB

MD5
ce97813283e121c5cc9843bac4f6b04c

SHA1
13522e64acedf7a7e1b119d4f2e44e548dce4322

SHA256
0321e1e498d102fc0b62cde618190e8170c2afeb70b5b8c2c37d58210117b05c

SHA512
a344c2aaf762e1f8951b6945da1d080a64518b5fb04ee503536bc0c73a743999208799802613230449ccc8b0990d8cee3ad3f51a2fbb980ff059c576b0055c70

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\setuphlp.dll

Filesize
950KB

MD5
5803f993b54809fe21dec0891b37cdfb

SHA1
8132b80e63fb336cb3d51d6d268d653f485a1742

SHA256
1c2e9ccf92ca043f9796682cc248707af17ef2e9cb4c013c344503852100c589

SHA512
26f185a5f8fd5c3e322b032f45f61aa6939f311156bf5f5c3a46ac456ef597206b35186f3c6a58f0fe0810e556fa60f995ce25646603608a720401971c5413fd

Download Submit
memory/2896-2-0x0000000007F40000-0x0000000007F50000-memory.dmp

Filesize
64KB

Download
memory/2896-4-0x0000000007EC0000-0x0000000007ECA000-memory.dmp

Filesize
40KB

Download
memory/2896-10-0x0000000008480000-0x000000000849E000-memory.dmp

Filesize
120KB

Download
memory/2896-9-0x00000000084C0000-0x0000000008536000-memory.dmp

Filesize
472KB

Download
memory/2896-3-0x0000000007ED0000-0x0000000007EE2000-memory.dmp

Filesize
72KB

Download
memory/2896-0-0x0000000074650000-0x0000000074E00000-memory.dmp

Filesize
7.7MB

Download
memory/2896-1-0x0000000000260000-0x00000000034F6000-memory.dmp

Filesize
50.6MB

Download
memory/2896-29-0x000000006E190000-0x000000006E280000-memory.dmp

Filesize
960KB

Download
memory/2896-97-0x0000000009190000-0x00000000091D0000-memory.dmp

Filesize
256KB

Download
memory/2896-99-0x000000006E190000-0x000000006E280000-memory.dmp

Filesize
960KB

Download
memory/2896-98-0x0000000074650000-0x0000000074E00000-memory.dmp

Filesize
7.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads