Overview

overview

7

Static

static

3

baaca19b6a...2a.exe

windows7-x64

7

baaca19b6a...2a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/03/2024, 05:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    baaca19b6ad8ea82a51017b3f02cc22a.exe

  • Size

    54KB

  • MD5

    baaca19b6ad8ea82a51017b3f02cc22a

  • SHA1

    c70729ccce217173750fd960fafb8dc08a937487

  • SHA256

    cb78cdd2a3b1851d84639bc29f72cf7e21dd82f897d4929835a95daad201c772

  • SHA512

    9d5a17706723c8131fa0afcc63e901398793c004730229141fcfeee6f5ed9ab5c30da47e18d004b53a38e3db240c6abd2b242c082002c9b0b7492a85d0a8044c

  • SSDEEP

    768:7Cy0qlxmQpMF5N88VbV3qKcj4cpGudIwSjuaEBjnYBLq6rRbkpFvY:50qlxmQpMLvpqRVXIwlaCrYBLrhO9Y

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\baaca19b6ad8ea82a51017b3f02cc22a.exe
    "C:\Users\Admin\AppData\Local\Temp\baaca19b6ad8ea82a51017b3f02cc22a.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:772
    • C:\Users\Admin\AppData\Local\Temp\1.exe
      C:\Users\Admin\AppData\Local\Temp\\1.exe
      2⤵
      • Executes dropped EXE
      PID:4972
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 228
        3⤵
        • Program crash
        PID:4932
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4972 -ip 4972
    1⤵
      PID:4980

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\1.exe
      Filesize

      35KB

      MD5

      c757415649133edf150a22ce548fffa7

      SHA1

      625465b20a484e49566001262e782aa4745512e9

      SHA256

      7769c79b2ae1a39e9b3e2b7d873c3a764a271c11a3c20d07e5d2e3cec3f44430

      SHA512

      84f08a1aee1a869c461e99dcff297d780cce69123c678ccdb81cbdc4b46266e4018f89f018f82949dc730469786a5119233b266fa5994ae0edfb168f20b24d6b

      Download Submit

    • memory/772-10-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/4972-6-0x0000000013140000-0x00000000131846B1-memory.dmp

      Filesize

      273KB

      Download

    • memory/4972-11-0x0000000013140000-0x00000000131846B1-memory.dmp

      Filesize

      273KB

      Download