639a86b3ad715ebd3bcaf478b2327feae23a582e46adb310eb6966e173e8735e

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 12:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86e1242c6896eca6e28ea8ad9513c76e.exe
Size

6.9MB
MD5

86e1242c6896eca6e28ea8ad9513c76e
SHA1

5b545391f20f77bfc10304c5dd46e5bbd38d69f4
SHA256

639a86b3ad715ebd3bcaf478b2327feae23a582e46adb310eb6966e173e8735e
SHA512

b2c25d300f96f4fec831a7ddf76790a34c68d34c74f16094bb98d24499d113a4489906276ce590882aee334f2ec488ecbf3e46b01d018148f7b334494312bf64
SSDEEP

49152:BkNYDEWgfniXtXIMfX2wGBDDQ/XSHdX4MPXGgCaSsgfniXtXIMfX2wGBDDQ/XSHX:BmJkXtWHdYaSKXtWHd

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3016	86e1242c6896eca6e28ea8ad9513c76e.exe

Loads dropped DLL 4 IoCs

pid	Process
2476	86e1242c6896eca6e28ea8ad9513c76e.exe
2424	WerFault.exe
2424	WerFault.exe
2424	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2424	3016	WerFault.exe	29

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2476	86e1242c6896eca6e28ea8ad9513c76e.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
3016	86e1242c6896eca6e28ea8ad9513c76e.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 3016	2476	86e1242c6896eca6e28ea8ad9513c76e.exe	29
PID 2476 wrote to memory of 3016	2476	86e1242c6896eca6e28ea8ad9513c76e.exe	29
PID 2476 wrote to memory of 3016	2476	86e1242c6896eca6e28ea8ad9513c76e.exe	29
PID 2476 wrote to memory of 3016	2476	86e1242c6896eca6e28ea8ad9513c76e.exe	29
PID 3016 wrote to memory of 2424	3016	86e1242c6896eca6e28ea8ad9513c76e.exe	30
PID 3016 wrote to memory of 2424	3016	86e1242c6896eca6e28ea8ad9513c76e.exe	30
PID 3016 wrote to memory of 2424	3016	86e1242c6896eca6e28ea8ad9513c76e.exe	30
PID 3016 wrote to memory of 2424	3016	86e1242c6896eca6e28ea8ad9513c76e.exe	30

C:\Users\Admin\AppData\Local\Temp\86e1242c6896eca6e28ea8ad9513c76e.exe
"C:\Users\Admin\AppData\Local\Temp\86e1242c6896eca6e28ea8ad9513c76e.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Users\Admin\AppData\Local\Temp\86e1242c6896eca6e28ea8ad9513c76e.exe
  C:\Users\Admin\AppData\Local\Temp\86e1242c6896eca6e28ea8ad9513c76e.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID:3016
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 144
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\86e1242c6896eca6e28ea8ad9513c76e.exe

Filesize
466KB

MD5
848784b7339e5762bf0f33088888aafd

SHA1
e4191ed084723863ccc73affe0cad1cca9d7d510

SHA256
4ece4b6dd7d751850a487e0f24f88cf79e67ba15c2bcdda1b02eef4ce83bf95d

SHA512
d52a37343505982f53edc0ac665d23750388ee359564bd78b07fd148a5936ed38310db9cdd1eb9fcfd257cb0e435e76c71e952f06f3febdc95697e504074d053

Download Submit
\Users\Admin\AppData\Local\Temp\86e1242c6896eca6e28ea8ad9513c76e.exe

Filesize
337KB

MD5
c308ad87b63de976657b75c82648ad18

SHA1
ec69999f44c9d3d4f908354424fe1ec152ed5e3c

SHA256
e9612a9f057b588824a739a4535db4d8b3ea1197d7a08666a9883dbb05e74230

SHA512
9943ab458bf6f7a7d2c5a1628d894b1e3928fc1e16fbd6da99b4bcac07f20750a58bca517fded8b65c5a5c2a47c3fa30e683ca5d53be9cd27de882c87eb8a035

Download Submit
\Users\Admin\AppData\Local\Temp\86e1242c6896eca6e28ea8ad9513c76e.exe

Filesize
383KB

MD5
3496f916a1734b7228bd1c1a9b28330a

SHA1
6e4baa0addf7e8ab402aa450fd89ed56cad7f3e1

SHA256
62b5c72d662f86b7fb20558c00abd2b7237f0e556f3594fa447550867ad636da

SHA512
7b989168b57823210d45ed5185f0c9f1c4024e51dd07f731b2e9388c427e70b58a82c5ff7869a971e7538e23793e352ae373c3f49e2a34a84c5ea36257de11bf

Download Submit
\Users\Admin\AppData\Local\Temp\86e1242c6896eca6e28ea8ad9513c76e.exe

Filesize
286KB

MD5
5ae12e7d3e76789410061e82f7b16e34

SHA1
6830f7b1c29d33f09eaddcd9ff814c3e48db1ee1

SHA256
12052f2d38d6aec2abf72bd0066972ab41acc1b12e5868d471daaaac058778c5

SHA512
c14c01401f7df04ad9515fde30b8b39c091abd8aff4d0334381ab1ee62bf7046169fab6fa512514ada8727ea9fc8d9e9f5a685aaaec80b74376ccb910ac83218

Download Submit
\Users\Admin\AppData\Local\Temp\86e1242c6896eca6e28ea8ad9513c76e.exe

Filesize
1.9MB

MD5
d9a52c44541456b9a427ba477d59f44c

SHA1
20ba14ea0db86d24bd2482dd35c101e389e67784

SHA256
67da12cfe324811d048ce2c3123a75ad1181e17c24aa50f9b2a51c926eb336d9

SHA512
38a8af2a58dbb15ffb8e82fc42a693e62e970cd493da1f7677dec2ad7e52fd04eb347d561c5d2c6d1b0dd579e3aed8f5e94820f99c5ccade4dc166cbf0e521f1

Download Submit
memory/2476-0-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/2476-6-0x0000000003440000-0x0000000003525000-memory.dmp

Filesize
916KB

Download
memory/2476-8-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/3016-10-0x00000000002B0000-0x0000000000395000-memory.dmp

Filesize
916KB

Download
memory/3016-11-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download