07aca79806720586e5dbbc1eba53725c011be7b75fdbff518ecc57e684cde8b3

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 23:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a2f1335f500e96a1081fd44ac6b72f28.exe
Size

189KB
MD5

a2f1335f500e96a1081fd44ac6b72f28
SHA1

d6f4e392a70713947ef6154f6a0acd0600ffa3b8
SHA256

07aca79806720586e5dbbc1eba53725c011be7b75fdbff518ecc57e684cde8b3
SHA512

bcc998134f7bee994d77ffbe73022cfda5aba2661c2aec099bd006b53b0b76b60a9437b78340319ee59e2e79b8328aad06fbcb9bd61ef7a5a5b50d12b3b6c57e
SSDEEP

3072:ftVPX6tSkwHsQQfoTIFa6caOe/t1zj/r/j3O6ZJ3An+PAW9eIhedCyXhCw3BDR:/8Zfmen1nr/j+6b3YW9ego53BDR

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2668	a2f1335f500e96a1081fd44ac6b72f28.exe

Executes dropped EXE 1 IoCs

pid	Process
2668	a2f1335f500e96a1081fd44ac6b72f28.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
4792	4120	WerFault.exe	84
4700	2668	WerFault.exe	88
4132	2668	WerFault.exe	88
4072	2668	WerFault.exe	88
1516	2668	WerFault.exe	88
1580	2668	WerFault.exe	88
3908	2668	WerFault.exe	88

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4120	a2f1335f500e96a1081fd44ac6b72f28.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2668	a2f1335f500e96a1081fd44ac6b72f28.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4120 wrote to memory of 2668	4120	a2f1335f500e96a1081fd44ac6b72f28.exe	88
PID 4120 wrote to memory of 2668	4120	a2f1335f500e96a1081fd44ac6b72f28.exe	88
PID 4120 wrote to memory of 2668	4120	a2f1335f500e96a1081fd44ac6b72f28.exe	88

C:\Users\Admin\AppData\Local\Temp\a2f1335f500e96a1081fd44ac6b72f28.exe
"C:\Users\Admin\AppData\Local\Temp\a2f1335f500e96a1081fd44ac6b72f28.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:4120
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 384
  2⤵
  - Program crash
  PID:4792
- C:\Users\Admin\AppData\Local\Temp\a2f1335f500e96a1081fd44ac6b72f28.exe
  C:\Users\Admin\AppData\Local\Temp\a2f1335f500e96a1081fd44ac6b72f28.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2668
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 352
    3⤵
    - Program crash
    PID:4700
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 768
    3⤵
    - Program crash
    PID:4132
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 772
    3⤵
    - Program crash
    PID:4072
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 768
    3⤵
    - Program crash
    PID:1516
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 808
    3⤵
    - Program crash
    PID:1580
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 784
    3⤵
    - Program crash
    PID:3908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4120 -ip 4120
1⤵
PID:3576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2668 -ip 2668
1⤵
PID:2308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2668 -ip 2668
1⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2668 -ip 2668
1⤵
PID:1760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2668 -ip 2668
1⤵
PID:3724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2668 -ip 2668
1⤵
PID:952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2668 -ip 2668
1⤵
PID:2028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2f1335f500e96a1081fd44ac6b72f28.exe

Filesize
189KB

MD5
eb156ab83f83fdebd4a5210e46892c63

SHA1
402d0aa48b8620a87201b5bb23ca2ab51288e28e

SHA256
9817c190d4e463d86c4610d2df96d810996f16adb86e9735bb126ffc59a33e47

SHA512
d89d6bac88c26bf94af5392a87f52b6fecea96d0587e52659f589644d2b4673b9e9577f62214efc2f85ed8ae569bf92d05a0a3a6c9e2b8496e261a30471d7471

Download Submit
memory/2668-7-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2668-9-0x00000000014C0000-0x00000000014FC000-memory.dmp

Filesize
240KB

Download
memory/2668-8-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4120-0-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4120-6-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download