071ef94f61b04836c1d9f1d51261f7374db152565052a23d07a09cb1ea356417

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 03:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8b501f7de309b25a1628d7c15804ef81.exe
Size

655KB
MD5

8b501f7de309b25a1628d7c15804ef81
SHA1

63dada412cf160bff55bf921910668b600aac72a
SHA256

071ef94f61b04836c1d9f1d51261f7374db152565052a23d07a09cb1ea356417
SHA512

1aad4678c3bfc3bea5a111178e018163d185ffe18517ed03159c016d6fd2212891305224bb76c5ef922347847dfd49b75d0b246863887226f9f74abd99a1bc27
SSDEEP

12288:UaKWrTjY4RICctN/uscqta6g/MnTz+m4P01vuOXKFsWMX1Rg:FKUTjYoICczmscOaKTiDPX1zv

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1500	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2248	Server.exe

Loads dropped DLL 5 IoCs

pid	Process
2436	8b501f7de309b25a1628d7c15804ef81.exe
2436	8b501f7de309b25a1628d7c15804ef81.exe
1784	WerFault.exe
1784	WerFault.exe
1784	WerFault.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2248 set thread context of 2544	2248	Server.exe	29

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files\Server.exe	8b501f7de309b25a1628d7c15804ef81.exe
File opened for modification	C:\Program Files\Server.exe	8b501f7de309b25a1628d7c15804ef81.exe
File created	C:\Program Files\Delet.bat	8b501f7de309b25a1628d7c15804ef81.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\_Server.exe	Server.exe
File created	C:\Windows\_Server.exe	Server.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1784	2248	WerFault.exe	28

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 2248	2436	8b501f7de309b25a1628d7c15804ef81.exe	28
PID 2436 wrote to memory of 2248	2436	8b501f7de309b25a1628d7c15804ef81.exe	28
PID 2436 wrote to memory of 2248	2436	8b501f7de309b25a1628d7c15804ef81.exe	28
PID 2436 wrote to memory of 2248	2436	8b501f7de309b25a1628d7c15804ef81.exe	28
PID 2248 wrote to memory of 2544	2248	Server.exe	29
PID 2248 wrote to memory of 2544	2248	Server.exe	29
PID 2248 wrote to memory of 2544	2248	Server.exe	29
PID 2248 wrote to memory of 2544	2248	Server.exe	29
PID 2248 wrote to memory of 2544	2248	Server.exe	29
PID 2248 wrote to memory of 2544	2248	Server.exe	29
PID 2248 wrote to memory of 1784	2248	Server.exe	30
PID 2248 wrote to memory of 1784	2248	Server.exe	30
PID 2248 wrote to memory of 1784	2248	Server.exe	30
PID 2248 wrote to memory of 1784	2248	Server.exe	30
PID 2436 wrote to memory of 1500	2436	8b501f7de309b25a1628d7c15804ef81.exe	33
PID 2436 wrote to memory of 1500	2436	8b501f7de309b25a1628d7c15804ef81.exe	33
PID 2436 wrote to memory of 1500	2436	8b501f7de309b25a1628d7c15804ef81.exe	33
PID 2436 wrote to memory of 1500	2436	8b501f7de309b25a1628d7c15804ef81.exe	33

C:\Users\Admin\AppData\Local\Temp\8b501f7de309b25a1628d7c15804ef81.exe
"C:\Users\Admin\AppData\Local\Temp\8b501f7de309b25a1628d7c15804ef81.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Program Files\Server.exe
  "C:\Program Files\Server.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2248
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe"
    3⤵
    PID:2544
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 320
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1784
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Program Files\Delet.bat""
  2⤵
  - Deletes itself
  PID:1500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Delet.bat

Filesize
184B

MD5
db1129d0b8e0283be8a8ebec352a740e

SHA1
7c70d93f4cff4fb3a8af142ed35f9c38ad6c5408

SHA256
37613ef10a2ed7ff5fe468f1528ff2b2ad7aca6edd90907291797cee41f20b04

SHA512
78c88c1cfb6f1f463eaf0a2f80bf3dd6d833af5db56bdc131228e515b26320452e77b04d46d97f1d3fbc13f7f4f0180ba2a3862ee173727b882ffcbc1eff374e

Download Submit
\Program Files\Server.exe

Filesize
655KB

MD5
8b501f7de309b25a1628d7c15804ef81

SHA1
63dada412cf160bff55bf921910668b600aac72a

SHA256
071ef94f61b04836c1d9f1d51261f7374db152565052a23d07a09cb1ea356417

SHA512
1aad4678c3bfc3bea5a111178e018163d185ffe18517ed03159c016d6fd2212891305224bb76c5ef922347847dfd49b75d0b246863887226f9f74abd99a1bc27

Download Submit
memory/2436-0-0x0000000000400000-0x00000000005C6000-memory.dmp

Filesize
1.8MB

Download
memory/2436-1-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2436-2-0x0000000000390000-0x00000000003E4000-memory.dmp

Filesize
336KB

Download
memory/2436-5-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/2436-6-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download
memory/2436-7-0x0000000002000000-0x0000000002001000-memory.dmp

Filesize
4KB

Download
memory/2436-8-0x0000000001FF0000-0x0000000001FF1000-memory.dmp

Filesize
4KB

Download
memory/2436-9-0x0000000002190000-0x0000000002191000-memory.dmp

Filesize
4KB

Download
memory/2436-10-0x0000000002180000-0x0000000002181000-memory.dmp

Filesize
4KB

Download
memory/2436-11-0x00000000021B0000-0x00000000021B1000-memory.dmp

Filesize
4KB

Download
memory/2436-12-0x0000000002100000-0x0000000002101000-memory.dmp

Filesize
4KB

Download
memory/2436-13-0x0000000003420000-0x0000000003421000-memory.dmp

Filesize
4KB

Download
memory/2436-14-0x0000000003410000-0x0000000003413000-memory.dmp

Filesize
12KB

Download
memory/2436-15-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/2436-16-0x0000000003460000-0x0000000003461000-memory.dmp

Filesize
4KB

Download
memory/2436-17-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2436-18-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/2436-19-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2436-20-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2436-21-0x0000000003430000-0x0000000003431000-memory.dmp

Filesize
4KB

Download
memory/2436-22-0x0000000002630000-0x0000000002631000-memory.dmp

Filesize
4KB

Download
memory/2436-23-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/2436-24-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download
memory/2436-26-0x0000000003470000-0x0000000003471000-memory.dmp

Filesize
4KB

Download
memory/2436-25-0x0000000003480000-0x0000000003481000-memory.dmp

Filesize
4KB

Download
memory/2436-27-0x00000000034A0000-0x00000000034A1000-memory.dmp

Filesize
4KB

Download
memory/2436-29-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/2436-28-0x0000000003490000-0x0000000003491000-memory.dmp

Filesize
4KB

Download
memory/2436-31-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/2436-30-0x00000000034B0000-0x00000000034B1000-memory.dmp

Filesize
4KB

Download
memory/2436-33-0x0000000003500000-0x0000000003501000-memory.dmp

Filesize
4KB

Download
memory/2436-32-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/2436-34-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download
memory/2436-35-0x0000000003520000-0x0000000003521000-memory.dmp

Filesize
4KB

Download
memory/2436-37-0x0000000003630000-0x0000000003631000-memory.dmp

Filesize
4KB

Download
memory/2436-36-0x0000000003640000-0x0000000003641000-memory.dmp

Filesize
4KB

Download
memory/2436-38-0x0000000003660000-0x0000000003661000-memory.dmp

Filesize
4KB

Download
memory/2436-40-0x0000000003680000-0x0000000003681000-memory.dmp

Filesize
4KB

Download
memory/2436-39-0x0000000003650000-0x0000000003651000-memory.dmp

Filesize
4KB

Download
memory/2436-42-0x00000000036A0000-0x00000000036A1000-memory.dmp

Filesize
4KB

Download
memory/2436-41-0x0000000003670000-0x0000000003671000-memory.dmp

Filesize
4KB

Download
memory/2436-43-0x0000000003690000-0x0000000003691000-memory.dmp

Filesize
4KB

Download
memory/2436-44-0x00000000036C0000-0x00000000036C1000-memory.dmp

Filesize
4KB

Download
memory/2436-46-0x00000000036E0000-0x00000000036E1000-memory.dmp

Filesize
4KB

Download
memory/2436-49-0x00000000036F0000-0x00000000036F1000-memory.dmp

Filesize
4KB

Download
memory/2436-50-0x0000000003730000-0x0000000003731000-memory.dmp

Filesize
4KB

Download
memory/2436-51-0x0000000003720000-0x0000000003721000-memory.dmp

Filesize
4KB

Download
memory/2436-48-0x0000000003700000-0x0000000003701000-memory.dmp

Filesize
4KB

Download
memory/2436-47-0x00000000036D0000-0x00000000036D1000-memory.dmp

Filesize
4KB

Download
memory/2436-45-0x00000000036B0000-0x00000000036B1000-memory.dmp

Filesize
4KB

Download
memory/2436-52-0x0000000003710000-0x0000000003711000-memory.dmp

Filesize
4KB

Download
memory/2436-53-0x0000000003760000-0x0000000003761000-memory.dmp

Filesize
4KB

Download
memory/2436-54-0x0000000003750000-0x0000000003751000-memory.dmp

Filesize
4KB

Download
memory/2436-55-0x0000000003780000-0x0000000003781000-memory.dmp

Filesize
4KB

Download
memory/2436-56-0x0000000003770000-0x0000000003771000-memory.dmp

Filesize
4KB

Download
memory/2436-57-0x00000000037A0000-0x00000000037A1000-memory.dmp

Filesize
4KB

Download
memory/2436-58-0x0000000003790000-0x0000000003791000-memory.dmp

Filesize
4KB

Download
memory/2436-59-0x00000000037C0000-0x00000000037C1000-memory.dmp

Filesize
4KB

Download
memory/2436-60-0x00000000037B0000-0x00000000037B1000-memory.dmp

Filesize
4KB

Download
memory/2436-61-0x00000000037E0000-0x00000000037E1000-memory.dmp

Filesize
4KB

Download
memory/2436-62-0x00000000037D0000-0x00000000037D1000-memory.dmp

Filesize
4KB

Download
memory/2436-63-0x0000000003800000-0x0000000003801000-memory.dmp

Filesize
4KB

Download
memory/2436-64-0x00000000037F0000-0x00000000037F1000-memory.dmp

Filesize
4KB

Download
memory/2436-65-0x0000000003820000-0x0000000003821000-memory.dmp

Filesize
4KB

Download
memory/2544-115-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2544-120-0x0000000000400000-0x00000000005C6000-memory.dmp

Filesize
1.8MB

Download