Overview

overview

7

Static

static

3

c19d1acd15...34.exe

windows7-x64

7

c19d1acd15...34.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/03/2024, 21:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c19d1acd15a9b4d368da0bfccca41334.exe

  • Size

    883KB

  • MD5

    c19d1acd15a9b4d368da0bfccca41334

  • SHA1

    99a767667b5bc43bac2184682988ca1a6e663505

  • SHA256

    ad8b4dc461af6d79a3e1d19ed2bb061f9c696721c165c0dd36895f1b3338729e

  • SHA512

    68b343b64a713cdd6744d87190aa94d45be6ca6641fbf59c5154b040bc18fe9b6fc8bd0e00d962ac9e0e8957c050527287e53f0d426bffa67e64b4d1579f2481

  • SSDEEP

    6144:h7o4wmAYuK6jGk6P+xOwfrXdFrpUxpf6lwABbxxJa/YES:5o4w06jT6WOwfZUxpfGjVDa/ZS

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 3 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c19d1acd15a9b4d368da0bfccca41334.exe
    "C:\Users\Admin\AppData\Local\Temp\c19d1acd15a9b4d368da0bfccca41334.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 344
      2⤵
      • Program crash
      PID:644
    • C:\Users\Admin\AppData\Local\Temp\c19d1acd15a9b4d368da0bfccca41334.exe
      C:\Users\Admin\AppData\Local\Temp\c19d1acd15a9b4d368da0bfccca41334.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3928
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 344
        3⤵
        • Program crash
        PID:3252
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 404
        3⤵
        • Program crash
        PID:2300
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 2012 -ip 2012
    1⤵
      PID:4748
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 3928 -ip 3928
      1⤵
        PID:4036
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3928 -ip 3928
        1⤵
          PID:3328
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3756 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
          1⤵
            PID:3684

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\c19d1acd15a9b4d368da0bfccca41334.exe
            Filesize

            883KB

            MD5

            d82b3f9b937512e16035abed5ce62384

            SHA1

            6e1b371bd6ac6e6d8cfe1363eba0c7673ccb6e76

            SHA256

            6fde4421e78c81b7cafacb40ec8e75f5ad3c5e65bd3d7768563a8882bcf104b4

            SHA512

            2b084e33553f9e9b668f35ea2b11c3f1e16a6606841c85092a4fd0bd6d419ba659cb114206ee6d963563d44d2675b4b4ab220152f47839de3e8093e56351f7fd

            Download Submit

          • memory/2012-0-0x0000000000400000-0x00000000004E5000-memory.dmp

            Filesize

            916KB

            Download

          • memory/2012-1-0x0000000000400000-0x00000000004E5000-memory.dmp

            Filesize

            916KB

            Download

          • memory/2012-9-0x0000000000400000-0x00000000004E5000-memory.dmp

            Filesize

            916KB

            Download

          • memory/3928-10-0x0000000000400000-0x00000000004E5000-memory.dmp

            Filesize

            916KB

            Download

          • memory/3928-11-0x0000000005090000-0x0000000005175000-memory.dmp

            Filesize

            916KB

            Download

          • memory/3928-12-0x0000000000400000-0x00000000004A3000-memory.dmp

            Filesize

            652KB

            Download