445be5f81718253d5281a362ed2c27174ce01cc60d78917d75b9fd90c0fa3694

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 04:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bfded80dbb62649a947b67c402fa8952.exe
Size

80KB
MD5

bfded80dbb62649a947b67c402fa8952
SHA1

931a604e1c41db86afbbad05a6ec5d3aa4abbdb2
SHA256

445be5f81718253d5281a362ed2c27174ce01cc60d78917d75b9fd90c0fa3694
SHA512

be84e9d1fd35abeb5a53a16720eb53b46e06cf7d927427efed7dae6e8f349912b26162dc141d06870020098f9397ab53583298c23b0107ec458c7e729015e871
SSDEEP

1536:nghS6/kfoeFsPuuOP4CJ60chgt1I/Xv3K3ffZXkMWkd3FHzJnouI8p:n+S6/kfbYOP4l0cO1IfkRXlouDp

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4376	bfded80dbb62649a947b67c402fa8952.exe
4376	bfded80dbb62649a947b67c402fa8952.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Debug\62D4F8F5DDAC.dll	bfded80dbb62649a947b67c402fa8952.exe
File opened for modification	C:\Windows\Debug\62D4F8F5DDAC.dll	bfded80dbb62649a947b67c402fa8952.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1832	4376	WerFault.exe	89

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\cLsId\{7F7A1EDD-E15E-41ED-AA85-06EA55C7E13A}	bfded80dbb62649a947b67c402fa8952.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F7A1EDD-E15E-41ED-AA85-06EA55C7E13A}\ = "DIDI"	bfded80dbb62649a947b67c402fa8952.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\cLsId\{7F7A1EDD-E15E-41ED-AA85-06EA55C7E13A}\InPrOcSeRvEr32	bfded80dbb62649a947b67c402fa8952.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F7A1EDD-E15E-41ED-AA85-06EA55C7E13A}\InPrOcSeRvEr32\ = "C:\\Windows\\Debug\\62D4F8F5DDAC.dll"	bfded80dbb62649a947b67c402fa8952.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F7A1EDD-E15E-41ED-AA85-06EA55C7E13A}\InPrOcSeRvEr32\ThrEaDiNgModEL = "aPaRTmEnT"	bfded80dbb62649a947b67c402fa8952.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 2828	4376	bfded80dbb62649a947b67c402fa8952.exe	90
PID 4376 wrote to memory of 2828	4376	bfded80dbb62649a947b67c402fa8952.exe	90
PID 4376 wrote to memory of 2828	4376	bfded80dbb62649a947b67c402fa8952.exe	90
PID 4376 wrote to memory of 2020	4376	bfded80dbb62649a947b67c402fa8952.exe	104
PID 4376 wrote to memory of 2020	4376	bfded80dbb62649a947b67c402fa8952.exe	104
PID 4376 wrote to memory of 2020	4376	bfded80dbb62649a947b67c402fa8952.exe	104

C:\Users\Admin\AppData\Local\Temp\bfded80dbb62649a947b67c402fa8952.exe
"C:\Users\Admin\AppData\Local\Temp\bfded80dbb62649a947b67c402fa8952.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 1.bat
  2⤵
  PID:2828
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 1.bat
  2⤵
  PID:2020
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 416
  2⤵
  - Program crash
  PID:1832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4376 -ip 4376
1⤵
PID:680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1.bat

Filesize
24B

MD5
a0fd2dff7c534e2e965443f37585b001

SHA1
b37ac2471d9252d6454813a24244f0662e4045b8

SHA256
71a8c2e2489325dcf73d804eb1fa219f5248c7bc5708db599489a166d4e87d3e

SHA512
67e34b2e4ab921f4e91b855965f6fac360588279a6eb840824a294a730abdc1280301a12ff688d257d3e94a9af767a4b5c0e6009f05b201e9330227923d938d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.bat

Filesize
24B

MD5
5858c7d1cf79a8e02d17478a668f674c

SHA1
6443f7c997b64873b946ca0e360d50796051b4c3

SHA256
8497ea5822cdb9f383b80292934241bd2c9ae92d1b8930033c5241e9cba0ab1b

SHA512
7a4620e691d788af10dad7ca538903c95f177e35dc01a362bf48123b8d8e4968052b75e29d1e973c7da105aef1dc5e17f107bc12547125d3653f610cd082d2ee

Download Submit
C:\Windows\debug\62D4F8F5DDAC.dll

Filesize
153KB

MD5
c01daa80b0c5121b4988b3e2b5e1c354

SHA1
1a0736749f1dd2add844e905467711557d0218c0

SHA256
3ce3f4d42610bc0e9f3120d876b3f626c7ef226138207cffad8f17bbf8d6b524

SHA512
3cc881ed0cb1fd2ed57abfc8c02928457826c07b255eafcd01fddcdb12e222ebe766c276580106ec59f2f97cd8978754cb43d56d65a01d6869fce0878402c971

Download Submit
memory/4376-0-0x0000000000400000-0x000000000043820C-memory.dmp

Filesize
224KB

Download
memory/4376-4-0x0000000000400000-0x000000000043820C-memory.dmp

Filesize
224KB

Download
memory/4376-12-0x0000000000610000-0x000000000063B000-memory.dmp

Filesize
172KB

Download
memory/4376-16-0x0000000000400000-0x000000000043820C-memory.dmp

Filesize
224KB

Download
memory/4376-17-0x0000000000610000-0x000000000063B000-memory.dmp

Filesize
172KB

Download
memory/4376-19-0x0000000000610000-0x000000000063B000-memory.dmp

Filesize
172KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads