e9cc3b13dd371b062ecca23d4a78818a534fb7024e0e5af2859024a0b1f2e807

Analysis

max time kernel
141s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 08:28

Target

HEUR-Trojan.Win32.Selfmod.exe
Size

218KB
MD5

11bf0d021b0aac3cba376326726a1633
SHA1

0c8e1f392cd8bfa11e8cf354ba78cc4d27bf6e15
SHA256

e9cc3b13dd371b062ecca23d4a78818a534fb7024e0e5af2859024a0b1f2e807
SHA512

334b706826f638676da887ba9cc57c302d1db6705a77993a728456231795945a0414b07554707cdd81664baaa5b35d4e095133e0ab049b6e71f6f262c741789c
SSDEEP

3072:m6j4LkjoaAW3YC1f1YBuPHBPB1wDKSRMHOMEcr3hZVDneCRpmiaoG9QxsM+NAFa:G2AnTU6DKMqOMdZVbXX9aLisM+Nea

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1152	HEUR-Trojan.Win32.Selfmod.exe

Executes dropped EXE 1 IoCs

pid	Process
1152	HEUR-Trojan.Win32.Selfmod.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4068	1132	WerFault.exe	93
3728	1152	WerFault.exe	102

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1132	HEUR-Trojan.Win32.Selfmod.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
1152	HEUR-Trojan.Win32.Selfmod.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1132 wrote to memory of 1152	1132	HEUR-Trojan.Win32.Selfmod.exe	102
PID 1132 wrote to memory of 1152	1132	HEUR-Trojan.Win32.Selfmod.exe	102
PID 1132 wrote to memory of 1152	1132	HEUR-Trojan.Win32.Selfmod.exe	102

C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Selfmod.exe
"C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Selfmod.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:1132
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 396
  2⤵
  - Program crash
  PID:4068
- C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Selfmod.exe
  C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Selfmod.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1152
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 364
    3⤵
    - Program crash
    PID:3728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1132 -ip 1132
1⤵
PID:916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 1152 -ip 1152
1⤵
PID:1424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3980 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:8
1⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Selfmod.exe

Filesize
218KB

MD5
0f3f5c3e865172dd24c58cc8a1dd51a9

SHA1
d9c1f0e621fd74a7fab624a33b9b113180f187b9

SHA256
ed806d43e4bbb8075588a06a4f3795a68f47ef44e1c899f252a550dd203f191d

SHA512
55807ee2570e520e4b946ef51d8824d92860f46fc940ccca6d07326db90db20bab5321cb2394a7b0a251dbe1903a144d36a8f8ad2219384421903ac4ed16aa24

Download Submit
memory/1132-0-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1132-6-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1152-7-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1152-8-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1152-12-0x0000000001520000-0x0000000001562000-memory.dmp

Filesize
264KB

Download