Overview

overview

7

Static

static

3

9b3895b60a...74.exe

windows7-x64

7

9b3895b60a...74.exe

windows10-2004-x64

7

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$TEMP/jah312913.exe

windows7-x64

3

$TEMP/jah312913.exe

windows10-2004-x64

3

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-02-2024 08:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9b3895b60aa7ea40160141ad7cb1d574.exe

  • Size

    78KB

  • MD5

    9b3895b60aa7ea40160141ad7cb1d574

  • SHA1

    7d0ec762822cbcdcc514919348ec208ea10f8768

  • SHA256

    cf2db4e305a4754cf4d9799d4681b0414b556f0fd83b5760e07c88fff637cb1f

  • SHA512

    24cff8694a04940e994c320068338d489df9f526de9bbec9dcd0d61a408ecee91b841c92c5e2c21c38f8bc645c0d6c1e323b036591ebbbd0739eeb55b02efa4d

  • SSDEEP

    1536:iZS8H/GZJ402wL7iHwMdnE4tmJ/SnKBjAlc0eV/9u68k6yNsbhC5aUFGVv9XGVv4:i8D40rL2DnVmJanK7/9u6pNuMVuVYg

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9b3895b60aa7ea40160141ad7cb1d574.exe
    "C:\Users\Admin\AppData\Local\Temp\9b3895b60aa7ea40160141ad7cb1d574.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2656
    • C:\Users\Admin\AppData\Local\Temp\jah312913.exe
      C:\Users\Admin\AppData\Local\Temp\jah312913.exe
      2⤵
      • Executes dropped EXE
      PID:2420
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 224
        3⤵
        • Program crash
        PID:4016
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2420 -ip 2420
    1⤵
      PID:4088

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\jah312913.exe
      Filesize

      31KB

      MD5

      f56df4dcfd49c789e0c83e160c1ce623

      SHA1

      e9e2deaa69224c12c089826bd52a18592625b4df

      SHA256

      25d7057b821465f5238226b3846b4b4e589e713265f7cf8dff40ba1c3560c0e1

      SHA512

      f76e7e1f3feb3b98f25eb12885b44b92a7dde66c929721d13518486b9a4564f1fcaeeaadb7cb97f4911711c252dd43383a2fc248a3a52a1c3c62ddd00cc85036

      Download Submit

    • memory/2420-6-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

      Download