bd57459a2f276b92b03f6c1a9302bb5f8b6f4b902301be3557f182b5cad960d8

Analysis

max time kernel
143s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2024, 05:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

796d7b1934e23131acf7d42199020586.exe
Size

418KB
MD5

796d7b1934e23131acf7d42199020586
SHA1

7a6ac6c44b489c9fa269a859ff4a70c50c68c846
SHA256

bd57459a2f276b92b03f6c1a9302bb5f8b6f4b902301be3557f182b5cad960d8
SHA512

ca3d3fd1f963b3529db396ecd2e3537a09f603f3faca3ec7aaa167c563ac0a5065962dd08f7fabb6644f6490e1d93438361fc567c36a9adcaff9bef3e61b2883
SSDEEP

12288:sY5Ymqw/87Z2ljexOX8E5AY4mof/O3oqYiQB:sY5Ymqq87ZG2OmnFW3pT

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\WdkelrI = "C:\\Users\\Admin\\AppData\\Local\\Temp\\796d7b1934e23131acf7d42199020586.exe"	796d7b1934e23131acf7d42199020586.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4024	372	WerFault.exe	85

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
372	796d7b1934e23131acf7d42199020586.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
372	796d7b1934e23131acf7d42199020586.exe

C:\Users\Admin\AppData\Local\Temp\796d7b1934e23131acf7d42199020586.exe
"C:\Users\Admin\AppData\Local\Temp\796d7b1934e23131acf7d42199020586.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: RenamesItself
PID:372
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 372 -s 384
  2⤵
  - Program crash
  PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 372 -ip 372
1⤵
PID:3856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/372-0-0x0000000000400000-0x00000000004FC000-memory.dmp

Filesize
1008KB

Download
memory/372-2-0x00000000006C0000-0x0000000000707000-memory.dmp

Filesize
284KB

Download
memory/372-4-0x0000000000520000-0x000000000052D000-memory.dmp

Filesize
52KB

Download
memory/372-3-0x0000000000400000-0x00000000004FC000-memory.dmp

Filesize
1008KB

Download
memory/372-6-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/372-5-0x0000000002AA0000-0x0000000002B17000-memory.dmp

Filesize
476KB

Download
memory/372-8-0x00000000006C0000-0x0000000000707000-memory.dmp

Filesize
284KB

Download
memory/372-9-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads