ad8b4dc461af6d79a3e1d19ed2bb061f9c696721c165c0dd36895f1b3338729e

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 21:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c19d1acd15a9b4d368da0bfccca41334.exe
Size

883KB
MD5

c19d1acd15a9b4d368da0bfccca41334
SHA1

99a767667b5bc43bac2184682988ca1a6e663505
SHA256

ad8b4dc461af6d79a3e1d19ed2bb061f9c696721c165c0dd36895f1b3338729e
SHA512

68b343b64a713cdd6744d87190aa94d45be6ca6641fbf59c5154b040bc18fe9b6fc8bd0e00d962ac9e0e8957c050527287e53f0d426bffa67e64b4d1579f2481
SSDEEP

6144:h7o4wmAYuK6jGk6P+xOwfrXdFrpUxpf6lwABbxxJa/YES:5o4w06jT6WOwfZUxpfGjVDa/ZS

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2860	c19d1acd15a9b4d368da0bfccca41334.exe

Executes dropped EXE 1 IoCs

pid	Process
2860	c19d1acd15a9b4d368da0bfccca41334.exe

Loads dropped DLL 4 IoCs

pid	Process
2764	c19d1acd15a9b4d368da0bfccca41334.exe
3048	WerFault.exe
3048	WerFault.exe
3048	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3048	2860	WerFault.exe	29

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2764	c19d1acd15a9b4d368da0bfccca41334.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2860	c19d1acd15a9b4d368da0bfccca41334.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 2860	2764	c19d1acd15a9b4d368da0bfccca41334.exe	29
PID 2764 wrote to memory of 2860	2764	c19d1acd15a9b4d368da0bfccca41334.exe	29
PID 2764 wrote to memory of 2860	2764	c19d1acd15a9b4d368da0bfccca41334.exe	29
PID 2764 wrote to memory of 2860	2764	c19d1acd15a9b4d368da0bfccca41334.exe	29
PID 2860 wrote to memory of 3048	2860	c19d1acd15a9b4d368da0bfccca41334.exe	30
PID 2860 wrote to memory of 3048	2860	c19d1acd15a9b4d368da0bfccca41334.exe	30
PID 2860 wrote to memory of 3048	2860	c19d1acd15a9b4d368da0bfccca41334.exe	30
PID 2860 wrote to memory of 3048	2860	c19d1acd15a9b4d368da0bfccca41334.exe	30

C:\Users\Admin\AppData\Local\Temp\c19d1acd15a9b4d368da0bfccca41334.exe
"C:\Users\Admin\AppData\Local\Temp\c19d1acd15a9b4d368da0bfccca41334.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Users\Admin\AppData\Local\Temp\c19d1acd15a9b4d368da0bfccca41334.exe
  C:\Users\Admin\AppData\Local\Temp\c19d1acd15a9b4d368da0bfccca41334.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID:2860
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 144
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\c19d1acd15a9b4d368da0bfccca41334.exe

Filesize
879KB

MD5
21c16c761ba715d075d95a3b23d9f10f

SHA1
895bb568726e7f49c982b43f28a7106b1f0e11be

SHA256
cf22f6c5b8bc5fc9c9986d061862aa36966801744e4333b25135dd7beadb7c93

SHA512
92e1f8da2ef0999a239127f66ceb4c9a482227a6195a44c9c58133a3378eef92da989d6ce0a191b3ce45e30cf7b3a4faf6673e08df3c324e46272fec6c137b33

Download Submit
\Users\Admin\AppData\Local\Temp\c19d1acd15a9b4d368da0bfccca41334.exe

Filesize
795KB

MD5
8e9111daa65d4d322115c0d76df86a54

SHA1
3f21fff64c0a443ab6f178b72052c68143ddb0b7

SHA256
203df6e8d0324ae8fe33cd9c29a0389627210d2a3c332ae6ed2fa687a70cfbc4

SHA512
1b5f1df9a530da808263a1099715bc62a36c20a81988c4dc5c9a56f738818b707a9c1a79ce0182be5f9e13edcb0a2bc366feaa805905952bc21d94fd066aee28

Download Submit
\Users\Admin\AppData\Local\Temp\c19d1acd15a9b4d368da0bfccca41334.exe

Filesize
883KB

MD5
d0f0c7f7a60f9c525814af4866e7d768

SHA1
6c286b41ca934efa3aeb3699a80c13dbbb725fe6

SHA256
6a89e376243f2d2f8221c438dd935ff6d3b1755a033662e4fb40829ecb57630a

SHA512
b0a7d916853a0ef3459d46feb44908f566453718a0e2b254a524a405cf3c75879039e3c0080fc57282a4e86d0e0d7c3799a90730f3ebf14c8685de6ddd26c9ca

Download Submit
memory/2764-0-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/2764-7-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/2764-8-0x00000000030B0000-0x0000000003195000-memory.dmp

Filesize
916KB

Download
memory/2860-10-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/2860-11-0x0000000002EA0000-0x0000000002F85000-memory.dmp

Filesize
916KB

Download