Overview

overview

7

Static

static

3

71112cfb3f...38.exe

windows7-x64

7

71112cfb3f...38.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    160s
  • max time network
    172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-04-2024 19:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    71112cfb3fc619e70939e7f07dfccc38.exe

  • Size

    431KB

  • MD5

    71112cfb3fc619e70939e7f07dfccc38

  • SHA1

    aa2c63de85e0b8dc1e1e2a43415382a5dae0e481

  • SHA256

    9e540f108e1c383ba1e4c8ae0d9a9d5d92d00e483f1efb2573a1cc54e0593be1

  • SHA512

    756778fc5bb50432d845e3cbf510793b0ab0c25f26b2d313b5c148be368fc3257bab9ca43cf03261f8eef8040a354e32eb01f5a71c07079990f4403a9b919cbc

  • SSDEEP

    12288:PqvEEu0036Qgo74NcIQOE7EvoKlSql4ejAAWxe1X7BMPpqeepz4eeriQ/ANB:orugiWcIdGEvoKlSql4ejrWx4X7BMPpQ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\71112cfb3fc619e70939e7f07dfccc38.exe
    "C:\Users\Admin\AppData\Local\Temp\71112cfb3fc619e70939e7f07dfccc38.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4868
    • C:\Users\Admin\AppData\Local\Temp\71112cfb3fc619e70939e7f07dfccc38.exe
      C:\Users\Admin\AppData\Local\Temp\71112cfb3fc619e70939e7f07dfccc38.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4080
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 364
        3⤵
        • Program crash
        PID:3624
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4868 -ip 4868
    1⤵
      PID:3152
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3488 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:2340
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4080 -ip 4080
        1⤵
          PID:2436

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\71112cfb3fc619e70939e7f07dfccc38.exe
          Filesize

          431KB

          MD5

          47b37d4718d63f16ebc82af5330f409d

          SHA1

          65cf083c13160d1ef835c222fdeafb6a1f1b094d

          SHA256

          101c8e0985d7a99c6dd23d7754c51032f6ff5d885ad0bfdd46df7c4b9e2eb981

          SHA512

          4338a7c165459a727456fbeb1ccc961d203efdc5fce1c049e35ae2e9e875a35e6465fbddd03be1e1aa04f24c9f0df14111e36206f7d49c6fed88a7da30e33c52

          Download Submit

        • memory/4080-8-0x0000000000400000-0x0000000000440000-memory.dmp

          Filesize

          256KB

          Download

        • memory/4080-9-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/4080-14-0x0000000001550000-0x0000000001590000-memory.dmp

          Filesize

          256KB

          Download

        • memory/4868-0-0x0000000000400000-0x0000000000440000-memory.dmp

          Filesize

          256KB

          Download

        • memory/4868-1-0x0000000000400000-0x0000000000440000-memory.dmp

          Filesize

          256KB

          Download

        • memory/4868-7-0x0000000000400000-0x0000000000440000-memory.dmp

          Filesize

          256KB

          Download