Analysis

  • max time kernel
    144s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/01/2024, 13:03

General

  • Target

    7fe7803e1b7275d87764578a3ed65508.exe

  • Size

    177KB

  • MD5

    7fe7803e1b7275d87764578a3ed65508

  • SHA1

    42c2d1cf84e11dc851c6c3bf4860041f38b04455

  • SHA256

    e354bc1b5229233b255c05db18286de473ecfd2602bb5dc91cab3c300dbd0181

  • SHA512

    c4e257f3330adeab1ae3f8822acc5413784de616a3604204e2ef89f0972a9df2cc26d8025bd25890c45ee67e94a1c4b5d76daeea867368fbd7a4612fc8acffde

  • SSDEEP

    3072:75IpZ9Wafm1YXFknyk82REcdZmaiabcMMRZkzPYHn93KlX9awYE8gcHHyAmAU:mpZ5fcYVu/YMoarIZkzAH94apZmA

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives (3 TTPs, 21 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Program crash (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\7fe7803e1b7275d87764578a3ed65508.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\7fe7803e1b7275d87764578a3ed65508.exe"
    Process tree level 1, PID 4416
    • Enumerates connected drives
    • Suspicious behavior: EnumeratesProcesses
    • C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 840
      Process tree level 2, PID 800
      • Program crash
  • C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4416 -ip 4416
    Process tree level 1, PID 4420

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4416-0-0x0000000000450000-0x000000000046E000-memory.dmp
    Filesize: 120KB
  • memory/4416-1-0x0000000000400000-0x000000000043D000-memory.dmp
    Filesize: 244KB
  • memory/4416-17-0x0000000000400000-0x000000000043D000-memory.dmp
    Filesize: 244KB