Overview

overview

7

Static

static

3

b02e8d1b32...56.exe

windows7-x64

7

b02e8d1b32...56.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-03-2024 20:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b02e8d1b32879db8f7eb335ac0c0a43287612e8234deba45dfba624ae1117956.exe

  • Size

    668KB

  • MD5

    065ac57995cf18d6d237b105b42a3d03

  • SHA1

    f62345a3593073597b46321b11af343435f8d053

  • SHA256

    b02e8d1b32879db8f7eb335ac0c0a43287612e8234deba45dfba624ae1117956

  • SHA512

    78610b46d8b534fc473dfdaa72d1ead1c4200cdb3474f75d3125e2e4383823280d72cb67675851fe23e3a4d1324d3041549fcdc681d016195352b0c1f73cba85

  • SSDEEP

    12288:xeO93+nxZYtXDKlJDHUVQ5zCN2j6FB5WMlL143VQ5zCSjdgEi0kXz:cO93+n7YtTKlJDHUVQ5zg2mblLO3VQ5u

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b02e8d1b32879db8f7eb335ac0c0a43287612e8234deba45dfba624ae1117956.exe
    "C:\Users\Admin\AppData\Local\Temp\b02e8d1b32879db8f7eb335ac0c0a43287612e8234deba45dfba624ae1117956.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1572
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 396
      2⤵
      • Program crash
      PID:4756
    • C:\Users\Admin\AppData\Local\Temp\b02e8d1b32879db8f7eb335ac0c0a43287612e8234deba45dfba624ae1117956.exe
      C:\Users\Admin\AppData\Local\Temp\b02e8d1b32879db8f7eb335ac0c0a43287612e8234deba45dfba624ae1117956.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1624
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 372
        3⤵
        • Program crash
        PID:2092
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1572 -ip 1572
    1⤵
      PID:552
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1624 -ip 1624
      1⤵
        PID:208

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\b02e8d1b32879db8f7eb335ac0c0a43287612e8234deba45dfba624ae1117956.exe
        Filesize

        668KB

        MD5

        abca8a1c9ab6e94ea2f76fe8e891b9e3

        SHA1

        163bfe320759c65c25bc8b38ed200565e252f848

        SHA256

        c58134427b4fc53a52dcddb415b3218ec204fe4a667af85382a52a293bb91f22

        SHA512

        83e344b7906de6c043c3de839291b765a043cf88d81e6fcf42e1ce6c2491173fc9e417ac9ca142e547f326ac19fbfe1b754c57618aaf92a3cae4d964cfe3f360

        Download Submit

      • memory/1572-0-0x0000000000400000-0x0000000000441000-memory.dmp

        Filesize

        260KB

        Download

      • memory/1572-6-0x0000000000400000-0x0000000000441000-memory.dmp

        Filesize

        260KB

        Download

      • memory/1624-7-0x0000000000400000-0x0000000000441000-memory.dmp

        Filesize

        260KB

        Download

      • memory/1624-9-0x0000000001680000-0x00000000016C1000-memory.dmp

        Filesize

        260KB

        Download

      • memory/1624-8-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download