Overview

overview

3

Static

static

3

bb8f5fbb21...67.exe

windows7-x64

1

bb8f5fbb21...67.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/03/2024, 15:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bb8f5fbb212cb84aa412df46d6550067.exe

  • Size

    1.4MB

  • MD5

    bb8f5fbb212cb84aa412df46d6550067

  • SHA1

    56ef16dc507ed75de0b4b1e6e386bf3f1f011f46

  • SHA256

    1476caff3f0f7db741a81fc767a531eaab9b480b800e76e80e9620befafe2a20

  • SHA512

    8d52d3805aeb0984a648f85048e077ac31a05779eb8d1c0f77b4c261dde2fea66d2829f8b8bb851e6363b75776fbf5a7a407eb9aafb77915bb4eb2605cb3bfc7

  • SSDEEP

    24576:TXaRicFDnikUa0BVdybnnavdZbVESwGMx0/J20Kczyiz25r:76ikU0bnaTbVESGIJ20KczQ

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb8f5fbb212cb84aa412df46d6550067.exe
    "C:\Users\Admin\AppData\Local\Temp\bb8f5fbb212cb84aa412df46d6550067.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    PID:4588
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 576
      2⤵
      • Program crash
      PID:1524
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 596
      2⤵
      • Program crash
      PID:1404
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4588 -ip 4588
    1⤵
      PID:4920
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4588 -ip 4588
      1⤵
        PID:4576

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4588-0-0x0000000000400000-0x0000000000581000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/4588-2-0x000000000BBD0000-0x000000000BBD2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4588-3-0x0000000000400000-0x0000000000581000-memory.dmp

        Filesize

        1.5MB

        Download