944021660ccd13d1702dbb2ac36ef1cf669d5fcadf0124ececd648cdcec48b4e

Analysis

max time kernel
141s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74eebfbecb09dec824a6d66c30293d0a.exe
Size

622KB
MD5

74eebfbecb09dec824a6d66c30293d0a
SHA1

7cbe4f91d04949f6efb4053e88d561554fa75236
SHA256

944021660ccd13d1702dbb2ac36ef1cf669d5fcadf0124ececd648cdcec48b4e
SHA512

1126c04f79ba126dfd4f551954c2018c9cbe5afca95e12cefeb3e8f5babbfa41958ea44baf7a70906e3b7651dab633731e1b116229235c0a53ee7d47ff3b88eb
SSDEEP

12288:jX3LIeYB3OutWcgYLi6yYzvF3Z4mxxB0UGpzXTNlLuT:jX3L7oztWcgYllQmXB0UAjNluT

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

2028 cmd.exe
Executes dropped EXE 1 IoCs

Processes:

Server.exe

pid process

3060 Server.exe
Loads dropped DLL 5 IoCs

Processes:

74eebfbecb09dec824a6d66c30293d0a.exeWerFault.exe

pid process

2128 74eebfbecb09dec824a6d66c30293d0a.exe
2128 74eebfbecb09dec824a6d66c30293d0a.exe
2564 WerFault.exe
2564 WerFault.exe
2564 WerFault.exe

pid	process
2028	cmd.exe

pid	process
3060	Server.exe

pid	process
2128	74eebfbecb09dec824a6d66c30293d0a.exe
2128	74eebfbecb09dec824a6d66c30293d0a.exe
2564	WerFault.exe
2564	WerFault.exe
2564	WerFault.exe

Drops file in Program Files directory 3 IoCs

Processes:

74eebfbecb09dec824a6d66c30293d0a.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\Server.exe	74eebfbecb09dec824a6d66c30293d0a.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\MSINFO\Server.exe	74eebfbecb09dec824a6d66c30293d0a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\Delet.bat	74eebfbecb09dec824a6d66c30293d0a.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2564 3060 WerFault.exe Server.exe

pid	pid_target	process	target process
2564	3060	WerFault.exe	Server.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

74eebfbecb09dec824a6d66c30293d0a.exeServer.exe

description	pid	process	target process
PID 2128 wrote to memory of 3060	2128	74eebfbecb09dec824a6d66c30293d0a.exe	Server.exe
PID 2128 wrote to memory of 3060	2128	74eebfbecb09dec824a6d66c30293d0a.exe	Server.exe
PID 2128 wrote to memory of 3060	2128	74eebfbecb09dec824a6d66c30293d0a.exe	Server.exe
PID 2128 wrote to memory of 3060	2128	74eebfbecb09dec824a6d66c30293d0a.exe	Server.exe
PID 3060 wrote to memory of 2564	3060	Server.exe	WerFault.exe
PID 3060 wrote to memory of 2564	3060	Server.exe	WerFault.exe
PID 3060 wrote to memory of 2564	3060	Server.exe	WerFault.exe
PID 3060 wrote to memory of 2564	3060	Server.exe	WerFault.exe
PID 2128 wrote to memory of 2028	2128	74eebfbecb09dec824a6d66c30293d0a.exe	cmd.exe
PID 2128 wrote to memory of 2028	2128	74eebfbecb09dec824a6d66c30293d0a.exe	cmd.exe
PID 2128 wrote to memory of 2028	2128	74eebfbecb09dec824a6d66c30293d0a.exe	cmd.exe
PID 2128 wrote to memory of 2028	2128	74eebfbecb09dec824a6d66c30293d0a.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\74eebfbecb09dec824a6d66c30293d0a.exe
"C:\Users\Admin\AppData\Local\Temp\74eebfbecb09dec824a6d66c30293d0a.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2128

C:\Program Files\Common Files\Microsoft Shared\MSINFO\Server.exe
"C:\Program Files\Common Files\Microsoft Shared\MSINFO\Server.exe"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 304
3⤵
- Loads dropped DLL
- Program crash
PID:2564

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Program Files\Common Files\Microsoft Shared\MSINFO\Delet.bat""
2⤵
- Deletes itself
PID:2028

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\Microsoft Shared\MSInfo\Delet.bat
Filesize
184B

MD5
b74ab14d22b26c544101fa272703fb3e

SHA1
a90fe18cca184ea375b1fc8c9985df0db25a2709

SHA256
cf9727a38944cc5ceb9c5b06622bcfecb17416432c0bdcb65c4e40fc0ecf9957

SHA512
a94a94952632c2b38776949ede59679bf3ee383643a3f3faf4d5116bc1b168a055a1ad12ae4aec7d80ad4828cc990cabfcf9b8a1dc91cc64cff6cf22e11cf8c2

Download Submit
\Program Files\Common Files\Microsoft Shared\MSInfo\Server.exe
Filesize
622KB

MD5
74eebfbecb09dec824a6d66c30293d0a

SHA1
7cbe4f91d04949f6efb4053e88d561554fa75236

SHA256
944021660ccd13d1702dbb2ac36ef1cf669d5fcadf0124ececd648cdcec48b4e

SHA512
1126c04f79ba126dfd4f551954c2018c9cbe5afca95e12cefeb3e8f5babbfa41958ea44baf7a70906e3b7651dab633731e1b116229235c0a53ee7d47ff3b88eb

Download Submit
memory/2128-0-0x0000000000400000-0x0000000000510000-memory.dmp

Filesize
1.1MB

Download
memory/2128-1-0x0000000001CF0000-0x0000000001D44000-memory.dmp

Filesize
336KB

Download
memory/2128-13-0x0000000003470000-0x0000000003471000-memory.dmp

Filesize
4KB

Download
memory/2128-12-0x0000000003370000-0x0000000003373000-memory.dmp

Filesize
12KB

Download
memory/2128-65-0x0000000004490000-0x0000000004491000-memory.dmp

Filesize
4KB

Download
memory/2128-64-0x0000000004450000-0x0000000004451000-memory.dmp

Filesize
4KB

Download
memory/2128-63-0x0000000004430000-0x0000000004431000-memory.dmp

Filesize
4KB

Download
memory/2128-62-0x0000000004410000-0x0000000004411000-memory.dmp

Filesize
4KB

Download
memory/2128-61-0x00000000036B0000-0x00000000036B1000-memory.dmp

Filesize
4KB

Download
memory/2128-60-0x0000000003660000-0x0000000003661000-memory.dmp

Filesize
4KB

Download
memory/2128-59-0x00000000044A0000-0x00000000044A1000-memory.dmp

Filesize
4KB

Download
memory/2128-58-0x0000000004480000-0x0000000004481000-memory.dmp

Filesize
4KB

Download
memory/2128-57-0x0000000004460000-0x0000000004461000-memory.dmp

Filesize
4KB

Download
memory/2128-56-0x0000000004470000-0x0000000004471000-memory.dmp

Filesize
4KB

Download
memory/2128-55-0x0000000004440000-0x0000000004441000-memory.dmp

Filesize
4KB

Download
memory/2128-54-0x0000000004420000-0x0000000004421000-memory.dmp

Filesize
4KB

Download
memory/2128-53-0x0000000004400000-0x0000000004401000-memory.dmp

Filesize
4KB

Download
memory/2128-52-0x00000000036A0000-0x00000000036A1000-memory.dmp

Filesize
4KB

Download
memory/2128-51-0x0000000003670000-0x0000000003671000-memory.dmp

Filesize
4KB

Download
memory/2128-50-0x0000000003680000-0x0000000003681000-memory.dmp

Filesize
4KB

Download
memory/2128-49-0x0000000003690000-0x0000000003691000-memory.dmp

Filesize
4KB

Download
memory/2128-48-0x0000000003650000-0x0000000003651000-memory.dmp

Filesize
4KB

Download
memory/2128-47-0x0000000003630000-0x0000000003631000-memory.dmp

Filesize
4KB

Download
memory/2128-46-0x0000000003640000-0x0000000003641000-memory.dmp

Filesize
4KB

Download
memory/2128-45-0x0000000003610000-0x0000000003611000-memory.dmp

Filesize
4KB

Download
memory/2128-44-0x0000000003620000-0x0000000003621000-memory.dmp

Filesize
4KB

Download
memory/2128-43-0x00000000035F0000-0x00000000035F1000-memory.dmp

Filesize
4KB

Download
memory/2128-42-0x0000000003600000-0x0000000003601000-memory.dmp

Filesize
4KB

Download
memory/2128-41-0x00000000035D0000-0x00000000035D1000-memory.dmp

Filesize
4KB

Download
memory/2128-40-0x00000000035E0000-0x00000000035E1000-memory.dmp

Filesize
4KB

Download
memory/2128-39-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download
memory/2128-38-0x00000000035C0000-0x00000000035C1000-memory.dmp

Filesize
4KB

Download
memory/2128-37-0x0000000003590000-0x0000000003591000-memory.dmp

Filesize
4KB

Download
memory/2128-36-0x00000000035A0000-0x00000000035A1000-memory.dmp

Filesize
4KB

Download
memory/2128-35-0x0000000003480000-0x0000000003481000-memory.dmp

Filesize
4KB

Download
memory/2128-34-0x0000000003450000-0x0000000003451000-memory.dmp

Filesize
4KB

Download
memory/2128-33-0x0000000003460000-0x0000000003461000-memory.dmp

Filesize
4KB

Download
memory/2128-32-0x0000000003430000-0x0000000003431000-memory.dmp

Filesize
4KB

Download
memory/2128-31-0x0000000003440000-0x0000000003441000-memory.dmp

Filesize
4KB

Download
memory/2128-30-0x0000000003410000-0x0000000003411000-memory.dmp

Filesize
4KB

Download
memory/2128-29-0x0000000003420000-0x0000000003421000-memory.dmp

Filesize
4KB

Download
memory/2128-28-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2128-27-0x0000000003400000-0x0000000003401000-memory.dmp

Filesize
4KB

Download
memory/2128-26-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/2128-25-0x00000000033E0000-0x00000000033E1000-memory.dmp

Filesize
4KB

Download
memory/2128-24-0x00000000026F0000-0x00000000026F1000-memory.dmp

Filesize
4KB

Download
memory/2128-23-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/2128-22-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/2128-21-0x0000000003390000-0x0000000003391000-memory.dmp

Filesize
4KB

Download
memory/2128-20-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2128-19-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2128-18-0x0000000002120000-0x0000000002121000-memory.dmp

Filesize
4KB

Download
memory/2128-15-0x0000000001D50000-0x0000000001D51000-memory.dmp

Filesize
4KB

Download
memory/2128-14-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2128-11-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2128-10-0x0000000001D80000-0x0000000001D81000-memory.dmp

Filesize
4KB

Download
memory/2128-9-0x0000000002110000-0x0000000002111000-memory.dmp

Filesize
4KB

Download
memory/2128-8-0x00000000020E0000-0x00000000020E1000-memory.dmp

Filesize
4KB

Download
memory/2128-7-0x00000000020F0000-0x00000000020F1000-memory.dmp

Filesize
4KB

Download
memory/2128-6-0x0000000001D60000-0x0000000001D61000-memory.dmp

Filesize
4KB

Download
memory/2128-5-0x0000000001D70000-0x0000000001D71000-memory.dmp

Filesize
4KB

Download
memory/2128-4-0x0000000002100000-0x0000000002101000-memory.dmp

Filesize
4KB

Download
memory/2128-3-0x00000000020B0000-0x00000000020B1000-memory.dmp

Filesize
4KB

Download
memory/2128-2-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download
memory/2128-109-0x0000000000400000-0x0000000000510000-memory.dmp

Filesize
1.1MB

Download
memory/2128-121-0x0000000000400000-0x0000000000510000-memory.dmp

Filesize
1.1MB

Download
memory/3060-110-0x0000000000400000-0x0000000000510000-memory.dmp

Filesize
1.1MB

Download