7841a8930779d407a77a58c66b576c213f14e845497898175708cba7ab97306b

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 23:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7841a8930779d407a77a58c66b576c213f14e845497898175708cba7ab97306b.exe
Size

192KB
MD5

fc0976750a6d5f9b73cb2541edc8c8e6
SHA1

9c5e27c88215e613d27275dfae32dc15637b6ca0
SHA256

7841a8930779d407a77a58c66b576c213f14e845497898175708cba7ab97306b
SHA512

d5b71d358503931faeba03b88d0e472aa20ee5b4638db18178b6ac6345bfb80bcfe92a5c81fa340cc46878fc57b4f77d0b02fd9126161143887a072eab4fc989
SSDEEP

6144:L4r7t9bWtu43gEXLkyNlMiKmX4NIDEqZq:Eb/43QyN1AwEqZq

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
4308	7841a8930779d407a77a58c66b576c213f14e845497898175708cba7ab97306b.exe

Executes dropped EXE 1 IoCs

pid	Process
4308	7841a8930779d407a77a58c66b576c213f14e845497898175708cba7ab97306b.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
2232	624	WerFault.exe	87
4576	4308	WerFault.exe	94
3600	4308	WerFault.exe	94
3260	4308	WerFault.exe	94
1796	4308	WerFault.exe	94
2552	4308	WerFault.exe	94
2456	4308	WerFault.exe	94

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
624	7841a8930779d407a77a58c66b576c213f14e845497898175708cba7ab97306b.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
4308	7841a8930779d407a77a58c66b576c213f14e845497898175708cba7ab97306b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 4308	624	7841a8930779d407a77a58c66b576c213f14e845497898175708cba7ab97306b.exe	94
PID 624 wrote to memory of 4308	624	7841a8930779d407a77a58c66b576c213f14e845497898175708cba7ab97306b.exe	94
PID 624 wrote to memory of 4308	624	7841a8930779d407a77a58c66b576c213f14e845497898175708cba7ab97306b.exe	94

C:\Users\Admin\AppData\Local\Temp\7841a8930779d407a77a58c66b576c213f14e845497898175708cba7ab97306b.exe
"C:\Users\Admin\AppData\Local\Temp\7841a8930779d407a77a58c66b576c213f14e845497898175708cba7ab97306b.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:624
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 384
  2⤵
  - Program crash
  PID:2232
- C:\Users\Admin\AppData\Local\Temp\7841a8930779d407a77a58c66b576c213f14e845497898175708cba7ab97306b.exe
  C:\Users\Admin\AppData\Local\Temp\7841a8930779d407a77a58c66b576c213f14e845497898175708cba7ab97306b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4308
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 352
    3⤵
    - Program crash
    PID:4576
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 768
    3⤵
    - Program crash
    PID:3600
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 812
    3⤵
    - Program crash
    PID:3260
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 820
    3⤵
    - Program crash
    PID:1796
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 776
    3⤵
    - Program crash
    PID:2552
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 784
    3⤵
    - Program crash
    PID:2456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 624 -ip 624
1⤵
PID:2812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4308 -ip 4308
1⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4308 -ip 4308
1⤵
PID:624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4308 -ip 4308
1⤵
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4308 -ip 4308
1⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4308 -ip 4308
1⤵
PID:2064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4308 -ip 4308
1⤵
PID:2640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7841a8930779d407a77a58c66b576c213f14e845497898175708cba7ab97306b.exe

Filesize
192KB

MD5
31275960390d8bc4289eec59a46ff43f

SHA1
dcb973dc9291a94526434f9ad8af271172f20d49

SHA256
cf4bf6d9c57086141a2ba4d0c313e2e6ed43b8e7eb8b4ef22a3570bfe05405b3

SHA512
6a656fd2b20ebb03f2bf442ed4ea90492f9c71fe232b8bba76355dc74fa4d99ad69e76cf00e49244b61dc1fc5149aaac12d47d8e34358a1004ead69a73d82924

Download Submit
memory/624-0-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/624-6-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/4308-7-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/4308-8-0x0000000003D80000-0x0000000003DB8000-memory.dmp

Filesize
224KB

Download
memory/4308-9-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download