d00136f53e9a79326ca0f0979bdcad1492efb6216daa07a14939503c82cc9e8b

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23-01-2024 23:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$APPDATA/fastwinutl/fastwinutl.exe
Size

251KB
MD5

e97796d9487db7cdc66b836704050fd4
SHA1

6e25bca3dfeeab155082e25816117ecb3c15915c
SHA256

879ae79db4c74b9e216ed8efc262e6630a5de2588fca547ac6406c6cd4ede24b
SHA512

720b33ff0a6228fe1541ffd5e7cf146333bd21a93af82453550aed7cd28d396d4074df922a1243dfb5ee9ec048fc916ca508fdffecfcf8dd616a01395dc793e7
SSDEEP

6144:vmrhOQl5FbpiROMWQt5bCeY9D7Nby2h81p6nBoPSoTM:vmrhLtSO7QtTYtNe266nBqSoTM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3036	fastwinutl.exe

Loads dropped DLL 3 IoCs

pid	Process
1376	rundll32.exe
1376	rundll32.exe
1376	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
460	1376	WerFault.exe	86

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3612 wrote to memory of 3036	3612	fastwinutl.exe	85
PID 3612 wrote to memory of 3036	3612	fastwinutl.exe	85
PID 3612 wrote to memory of 3036	3612	fastwinutl.exe	85
PID 3036 wrote to memory of 1376	3036	fastwinutl.exe	86
PID 3036 wrote to memory of 1376	3036	fastwinutl.exe	86
PID 3036 wrote to memory of 1376	3036	fastwinutl.exe	86

C:\Users\Admin\AppData\Local\Temp\$APPDATA\fastwinutl\fastwinutl.exe
"C:\Users\Admin\AppData\Local\Temp\$APPDATA\fastwinutl\fastwinutl.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3612
- C:\Users\Admin\AppData\Roaming\fastwinutl\fastwinutl.exe
  C:\Users\Admin\AppData\Roaming\fastwinutl\fastwinutl.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3036
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Roaming\FASTWI~1\FASTWI~1.DLL 000
    3⤵
    - Loads dropped DLL
    PID:1376
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 748
      4⤵
      Program crash
      PID:460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1376 -ip 1376
1⤵
PID:4316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\FASTWI~1\FASTWI~1.DLL

Filesize
240KB

MD5
fb955e4d9848b983432207a85f44e4e6

SHA1
619ff8ef8bb036c03f9ef827e73aaf735caaa518

SHA256
99e51aa3af8834cb7ecec5109516b7cd4f6a0706c40ec9f23a6b30a9d79aee6a

SHA512
577aa6e523fafa0bbfbb5842dd5ffa659b73a976e837e5d38c4cd52013fcc6448e82d734309b47af74c0be93767c461ece2600d9a0cdb7ce43012f16935bf36d

Download Submit
C:\Users\Admin\AppData\Roaming\FASTWI~1\hnnkinossggbmb.dll

Filesize
160KB

MD5
9a422a0a2e213225702ecb3c43836af6

SHA1
68c617226565379e135fc6597f9ee04e9292fa87

SHA256
fc8636f3dd9da67eee08b1e598384715dc21fda681ec4f6a31e76e2a5bad79e2

SHA512
d68d94fb0dd6de1b075fbf313da46569ee9c2ff4d4448784f5fbda16cc75fa2a8a5f6192b10e7b96a375f34abea674aac17386bd5f96b7548a4530c6dd0c5e50

Download Submit
C:\Users\Admin\AppData\Roaming\fastwinutl\fastwinutl.exe

Filesize
251KB

MD5
e97796d9487db7cdc66b836704050fd4

SHA1
6e25bca3dfeeab155082e25816117ecb3c15915c

SHA256
879ae79db4c74b9e216ed8efc262e6630a5de2588fca547ac6406c6cd4ede24b

SHA512
720b33ff0a6228fe1541ffd5e7cf146333bd21a93af82453550aed7cd28d396d4074df922a1243dfb5ee9ec048fc916ca508fdffecfcf8dd616a01395dc793e7

Download Submit
memory/1376-28-0x0000000000E00000-0x0000000000E2A000-memory.dmp

Filesize
168KB

Download
memory/1376-29-0x0000000000BF0000-0x0000000000BF1000-memory.dmp

Filesize
4KB

Download
memory/1376-31-0x0000000010000000-0x0000000010045000-memory.dmp

Filesize
276KB

Download
memory/1376-16-0x0000000010000000-0x0000000010045000-memory.dmp

Filesize
276KB

Download
memory/1376-17-0x0000000010000000-0x0000000010045000-memory.dmp

Filesize
276KB

Download
memory/1376-20-0x0000000010000000-0x0000000010045000-memory.dmp

Filesize
276KB

Download
memory/1376-26-0x0000000000E00000-0x0000000000E2A000-memory.dmp

Filesize
168KB

Download
memory/1376-32-0x0000000000E00000-0x0000000000E2A000-memory.dmp

Filesize
168KB

Download
memory/1376-30-0x0000000000BF0000-0x0000000000BF1000-memory.dmp

Filesize
4KB

Download
memory/3036-10-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3036-12-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3612-2-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3612-1-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3612-0-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3612-9-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads