Overview

overview

7

Static

static

3

983134ab51...36.exe

windows7-x64

7

983134ab51...36.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    172s
  • max time network
    182s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/04/2024, 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    983134ab514a937a434eba4533ed8cca471f27f6626ca2631aa05e6dfc2b0636.exe

  • Size

    832KB

  • MD5

    abe616d191a9bd74b1f0473633dc1adb

  • SHA1

    6f3f5bbdbdea5ef8d9955a41ca9570d10b0d880c

  • SHA256

    983134ab514a937a434eba4533ed8cca471f27f6626ca2631aa05e6dfc2b0636

  • SHA512

    66bc73b0b5c5bc8abd067fb157fd87fb05f795a043cc40e7d663bf48d306d0cc8030e0898353708da50e55ce0203ba5efe868e774607b9a6f6596cc22a03bfa0

  • SSDEEP

    12288:eNjguo72yc2lq4Gj6D9d9pA6etej3uC+IOJ5D9d9pA20ER1Oxffk:GjHyZkfjgZKnJpx0Xhk

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 5 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\983134ab514a937a434eba4533ed8cca471f27f6626ca2631aa05e6dfc2b0636.exe
    "C:\Users\Admin\AppData\Local\Temp\983134ab514a937a434eba4533ed8cca471f27f6626ca2631aa05e6dfc2b0636.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4484
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 384
      2⤵
      • Program crash
      PID:1104
    • C:\Users\Admin\AppData\Local\Temp\983134ab514a937a434eba4533ed8cca471f27f6626ca2631aa05e6dfc2b0636.exe
      C:\Users\Admin\AppData\Local\Temp\983134ab514a937a434eba4533ed8cca471f27f6626ca2631aa05e6dfc2b0636.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2356
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 352
        3⤵
        • Program crash
        PID:3336
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 780
        3⤵
        • Program crash
        PID:452
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 800
        3⤵
        • Program crash
        PID:4472
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 784
        3⤵
        • Program crash
        PID:3672
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4484 -ip 4484
    1⤵
      PID:1508
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2356 -ip 2356
      1⤵
        PID:3024
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3240 --field-trial-handle=2588,i,4353937220825226770,7138584070663735671,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:1560
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 2356 -ip 2356
          1⤵
            PID:3700
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2356 -ip 2356
            1⤵
              PID:1740
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2356 -ip 2356
              1⤵
                PID:2452

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\983134ab514a937a434eba4533ed8cca471f27f6626ca2631aa05e6dfc2b0636.exe
                Filesize

                832KB

                MD5

                a76202fa96fc7d2e401e818ea22ee6cd

                SHA1

                905e79b5a2b6ae5afdc3cb1829ce280254cf1c3f

                SHA256

                d3de1bc8c4e1f08223232c72ed91d6145c2829e271e1435f7a1d4162f7e45cf5

                SHA512

                c60796206d090e5fe773305c3be2027001dc24414c33f94bb4b1739069570238769b6b081f6fb80128e51408e2288774c6027d9bfb27dcff15bbbf0f75a1d14e

                Download Submit

              • memory/2356-7-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/2356-9-0x0000000000170000-0x00000000001A6000-memory.dmp

                Filesize

                216KB

                Download

              • memory/2356-8-0x0000000000400000-0x0000000000415000-memory.dmp

                Filesize

                84KB

                Download

              • memory/4484-0-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download

              • memory/4484-6-0x0000000000400000-0x0000000000436000-memory.dmp

                Filesize

                216KB

                Download