Overview

overview

7

Static

static

3

130ba28923...ec.exe

windows7-x64

7

130ba28923...ec.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-03-2024 17:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    130ba289230898ad07f6913ca7add0c382cc47b2659ef1ccc696d942c7a40bec.exe

  • Size

    448KB

  • MD5

    e8089c945aa4f26af9e00f56c387cefe

  • SHA1

    dd1d33f85b51ce199188f969bff4f0e5ac230b41

  • SHA256

    130ba289230898ad07f6913ca7add0c382cc47b2659ef1ccc696d942c7a40bec

  • SHA512

    8f098f16ccf772e493237f3e0e6e23b2731bfc1534cfd92b8b59725c31563d1e1930af5b8a26c002b1d6d5ba37efe7cb277e7f2756a0b0f66ea41e33bf0c27c0

  • SSDEEP

    6144:xBuy0+hJ6ALLx1puP53BDu0W7cyqCxSngmMBqfycuPbUl0i5cD5J6K1mx1O:xBO+hJ6ygP53p80npM4dl0v5Jdmo

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 7 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\130ba289230898ad07f6913ca7add0c382cc47b2659ef1ccc696d942c7a40bec.exe
    "C:\Users\Admin\AppData\Local\Temp\130ba289230898ad07f6913ca7add0c382cc47b2659ef1ccc696d942c7a40bec.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3924
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 384
      2⤵
      • Program crash
      PID:2872
    • C:\Users\Admin\AppData\Local\Temp\130ba289230898ad07f6913ca7add0c382cc47b2659ef1ccc696d942c7a40bec.exe
      C:\Users\Admin\AppData\Local\Temp\130ba289230898ad07f6913ca7add0c382cc47b2659ef1ccc696d942c7a40bec.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4932
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 356
        3⤵
        • Program crash
        PID:1416
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 768
        3⤵
        • Program crash
        PID:4684
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 788
        3⤵
        • Program crash
        PID:1940
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 784
        3⤵
        • Program crash
        PID:4980
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 776
        3⤵
        • Program crash
        PID:4192
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 792
        3⤵
        • Program crash
        PID:4728
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3924 -ip 3924
    1⤵
      PID:1272
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4932 -ip 4932
      1⤵
        PID:4504
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4932 -ip 4932
        1⤵
          PID:1324
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4932 -ip 4932
          1⤵
            PID:4732
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4932 -ip 4932
            1⤵
              PID:1908
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4932 -ip 4932
              1⤵
                PID:2024
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4932 -ip 4932
                1⤵
                  PID:3420

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Temp\130ba289230898ad07f6913ca7add0c382cc47b2659ef1ccc696d942c7a40bec.exe
                  Filesize

                  448KB

                  MD5

                  698521c1acb1b6346a0f1a596df78849

                  SHA1

                  048b065f90b13cab7d54306e534be7af52553a32

                  SHA256

                  b045ad64d4de31c8ccda4cae52e9a9f6fd1d3e6b2dd7769bbda5680f5375a5b9

                  SHA512

                  a9f4508207e9b69ffc91d516707b327875f24068baa8316a317c371bbc4affb40ec0c5a1fe6fccbe8194472b3ae760ccf31370c6cce376bd3c48c64860fd7d25

                  Download Submit

                • memory/3924-0-0x0000000000400000-0x000000000043C000-memory.dmp

                  Filesize

                  240KB

                  Download

                • memory/3924-6-0x0000000000400000-0x000000000043C000-memory.dmp

                  Filesize

                  240KB

                  Download

                • memory/4932-7-0x0000000000400000-0x000000000043C000-memory.dmp

                  Filesize

                  240KB

                  Download

                • memory/4932-9-0x0000000000400000-0x0000000000415000-memory.dmp

                  Filesize

                  84KB

                  Download

                • memory/4932-8-0x00000000014C0000-0x00000000014FC000-memory.dmp

                  Filesize

                  240KB

                  Download