Overview

overview

7

Static

static

3

8cbafe0bed...1c.exe

windows7-x64

7

8cbafe0bed...1c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/03/2024, 07:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8cbafe0bed7343ecf14df28760b89d48ad39efe3ccf34203156348b62b2ce21c.exe

  • Size

    223KB

  • MD5

    b41acc3d975e89a5dc131fa5876d319e

  • SHA1

    044f701f8ae146b7ed329aa180bf429bf0486be9

  • SHA256

    8cbafe0bed7343ecf14df28760b89d48ad39efe3ccf34203156348b62b2ce21c

  • SHA512

    db067c947891cff3dccdfd5fece3545cc68a673d60dce2f683604fdd05dc4ad87801f7e93d3077342ee613aeadd516840ec3333605630fcf464b10e8367bca42

  • SSDEEP

    3072:ZxNgFLDtAXc/ZXfiBuI0+fgrcyhkdO7ZuQNdoLRXG8rGLZH1jl8SwxB8lyoaQ6sl:fNisc/qDpfgt1uQ/lLm4ZaQ6soWd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8cbafe0bed7343ecf14df28760b89d48ad39efe3ccf34203156348b62b2ce21c.exe
    "C:\Users\Admin\AppData\Local\Temp\8cbafe0bed7343ecf14df28760b89d48ad39efe3ccf34203156348b62b2ce21c.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2396
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 396
      2⤵
      • Program crash
      PID:4592
    • C:\Users\Admin\AppData\Local\Temp\8cbafe0bed7343ecf14df28760b89d48ad39efe3ccf34203156348b62b2ce21c.exe
      C:\Users\Admin\AppData\Local\Temp\8cbafe0bed7343ecf14df28760b89d48ad39efe3ccf34203156348b62b2ce21c.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2868
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 372
        3⤵
        • Program crash
        PID:3896
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2396 -ip 2396
    1⤵
      PID:1168
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2868 -ip 2868
      1⤵
        PID:468

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\8cbafe0bed7343ecf14df28760b89d48ad39efe3ccf34203156348b62b2ce21c.exe
        Filesize

        223KB

        MD5

        7791a8034e3e01ce2e23f8b5c8c5243d

        SHA1

        77afd6f07097df6cfbdee6cb236717d301140176

        SHA256

        687666bc876cf95b256895be99ae289e61e6b7c567ec1991fbb61fee5c6cb83a

        SHA512

        fda083dd78f8d72eb16b7303ac15a9efeead6d5915adf0ab3b01e7f22f238de15f53a6a0a780a51848061736c50f65caf90271080a3e53b27c75cc32e4241367

        Download Submit

      • memory/2396-0-0x0000000000400000-0x0000000000446000-memory.dmp

        Filesize

        280KB

        Download

      • memory/2396-6-0x0000000000400000-0x0000000000446000-memory.dmp

        Filesize

        280KB

        Download

      • memory/2868-7-0x0000000000400000-0x0000000000446000-memory.dmp

        Filesize

        280KB

        Download

      • memory/2868-9-0x00000000014D0000-0x0000000001516000-memory.dmp

        Filesize

        280KB

        Download

      • memory/2868-8-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/2868-14-0x0000000000400000-0x0000000000446000-memory.dmp

        Filesize

        280KB

        Download