118021742eb8f1beac97119265aae0a4e9da963e671733e8dfc64746f320f47c

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 13:08

Target

abf3e9c66337d31799a60cb211d4811a.exe
Size

280KB
MD5

abf3e9c66337d31799a60cb211d4811a
SHA1

a8b40ce2a175b5377d5d5830757886ce0325e0ed
SHA256

118021742eb8f1beac97119265aae0a4e9da963e671733e8dfc64746f320f47c
SHA512

b7fd834177c914f0a0d974f5c6dd5c4423a98aaa70f370fc0d32173cbb1e5e7916e6759edc88d0d852c6543f1057f051673ea64050704e9e7d49df0d0449091d
SSDEEP

3072:SPCEEkfk5qasl5jcChjXdVZXI1jqQ7S2pCxCN6ja83Vt13GQAb5pnpvs:SaE/0qasl1hVDQ7SoNg13gbi

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4744	lassa.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\lassa.exe	abf3e9c66337d31799a60cb211d4811a.exe
File opened for modification	C:\Windows\lassa.exe	abf3e9c66337d31799a60cb211d4811a.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4248	4744	WerFault.exe	90

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 4468	2408	abf3e9c66337d31799a60cb211d4811a.exe	94
PID 2408 wrote to memory of 4468	2408	abf3e9c66337d31799a60cb211d4811a.exe	94
PID 2408 wrote to memory of 4468	2408	abf3e9c66337d31799a60cb211d4811a.exe	94

C:\Users\Admin\AppData\Local\Temp\abf3e9c66337d31799a60cb211d4811a.exe
"C:\Users\Admin\AppData\Local\Temp\abf3e9c66337d31799a60cb211d4811a.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Delete.bat
  2⤵
  PID:4468

C:\Windows\lassa.exe
C:\Windows\lassa.exe
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4744
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 184
  2⤵
  - Program crash
  PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4744 -ip 4744
1⤵
PID:1332

C:\Delete.bat

Filesize
190B

MD5
aa9e3d10529fbd54043e5d1e6c53dc33

SHA1
71fafd22d0a8fa30650ce8d21ebade5f01a9a7e0

SHA256
614bdfdfad512f153b3695e1791a4848688e7fd70c1706a5b5f55bd47c5b2aa8

SHA512
ad50cea4b3c29d19c489cdc04cccb25b3aadc87df8b2e68ab0d5a4df2fbd73cd8cca956ebfe90a75c7ea24fc6081b75e2401429ea0d7e9efa6c62758432e672c

Download Submit
C:\Windows\lassa.exe

Filesize
280KB

MD5
abf3e9c66337d31799a60cb211d4811a

SHA1
a8b40ce2a175b5377d5d5830757886ce0325e0ed

SHA256
118021742eb8f1beac97119265aae0a4e9da963e671733e8dfc64746f320f47c

SHA512
b7fd834177c914f0a0d974f5c6dd5c4423a98aaa70f370fc0d32173cbb1e5e7916e6759edc88d0d852c6543f1057f051673ea64050704e9e7d49df0d0449091d

Download Submit
memory/2408-0-0x0000000000400000-0x0000000000439500-memory.dmp

Filesize
229KB

Download
memory/2408-8-0x0000000000400000-0x0000000000439500-memory.dmp

Filesize
229KB

Download
memory/4744-5-0x0000000000400000-0x0000000000439500-memory.dmp

Filesize
229KB

Download