Overview

overview

7

Static

static

3

b68fbb83eb...67.exe

windows7-x64

7

b68fbb83eb...67.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/04/2024, 20:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b68fbb83eb78ebabce7754c2642eae67.exe

  • Size

    832KB

  • MD5

    b68fbb83eb78ebabce7754c2642eae67

  • SHA1

    cfc91bd18ae1629939ef9123eaff028306abe809

  • SHA256

    99de28e9a1179c6ffe98ca4f6c03c051a435f8e6d913ca37905ffb0e3dd91546

  • SHA512

    4a645145afc448f057d325397bec70e3001738e5c20a505bccec09c55679ea379508d96421b1e4f24dd145afa024fb6b4c2ea314af21fb0e486b45c44b296b5a

  • SSDEEP

    12288:nUJ8ahYDZfUFY+0sj6D9d9pA6etej3uC+IOJ5D9d9pA20ER1Oxffk:nUJ8gTtjgZKnJpx0Xhk

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 7 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b68fbb83eb78ebabce7754c2642eae67.exe
    "C:\Users\Admin\AppData\Local\Temp\b68fbb83eb78ebabce7754c2642eae67.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 384
      2⤵
      • Program crash
      PID:2616
    • C:\Users\Admin\AppData\Local\Temp\b68fbb83eb78ebabce7754c2642eae67.exe
      C:\Users\Admin\AppData\Local\Temp\b68fbb83eb78ebabce7754c2642eae67.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3052
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 352
        3⤵
        • Program crash
        PID:4128
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 768
        3⤵
        • Program crash
        PID:1328
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 788
        3⤵
        • Program crash
        PID:1824
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 796
        3⤵
        • Program crash
        PID:1416
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 776
        3⤵
        • Program crash
        PID:3216
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 824
        3⤵
        • Program crash
        PID:3272
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 2856 -ip 2856
    1⤵
      PID:784
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3052 -ip 3052
      1⤵
        PID:1616
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3052 -ip 3052
        1⤵
          PID:2720
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3052 -ip 3052
          1⤵
            PID:4468
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 3052 -ip 3052
            1⤵
              PID:1840
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3052 -ip 3052
              1⤵
                PID:3440
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3052 -ip 3052
                1⤵
                  PID:2456

                Network

                      MITRE ATT&CK Matrix

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Temp\b68fbb83eb78ebabce7754c2642eae67.exe
                        Filesize

                        832KB

                        MD5

                        cf0053e57fe745d245e5fed87c8f16e3

                        SHA1

                        c41fa8e2459ec31cd89e5bfb2f0d6a8c7672c7c2

                        SHA256

                        21de8ca0192049930ab576e993a08302db9b62ec200aab0093a062370df459e1

                        SHA512

                        c0c32297d5a6772820cb472c8b77645d5c13327fe1d8d8c55bf965d56f6154e1767cccb5f06aab8af4c8ecf9ee2323aaeea17de94fd4aca88754359fc73b4053

                        Download Submit

                      • memory/2856-0-0x0000000000400000-0x0000000000436000-memory.dmp

                        Filesize

                        216KB

                        Download

                      • memory/2856-6-0x0000000000400000-0x0000000000436000-memory.dmp

                        Filesize

                        216KB

                        Download

                      • memory/3052-7-0x0000000000400000-0x0000000000436000-memory.dmp

                        Filesize

                        216KB

                        Download

                      • memory/3052-8-0x0000000003D90000-0x0000000003DC6000-memory.dmp

                        Filesize

                        216KB

                        Download

                      • memory/3052-9-0x0000000000400000-0x0000000000415000-memory.dmp

                        Filesize

                        84KB

                        Download