Overview

overview

7

Static

static

3

0684f33de1...83.exe

windows7-x64

7

0684f33de1...83.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/04/2024, 21:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0684f33de1d13b5d82748f0f33438a83.exe

  • Size

    205KB

  • MD5

    0684f33de1d13b5d82748f0f33438a83

  • SHA1

    311f97541d8ba97dffa0b3a9ab5b0acda1c53cce

  • SHA256

    818912122394ebdf2e59fe66fe1c7f314f5d4206a3770f8495dcbb6b5e3c496f

  • SHA512

    6b1821d39256cfe24b0c148d84e62fa77a356f047e8b59c05feca6c6aef4581cb0d63c7f16a8cb8f05ffb4e9257c85f7df217ca45bf6a83de6815fd8f78f2470

  • SSDEEP

    6144:r5ej8IqjDqC4hV56KmO1Drzh+eHMCkP79W:YPqjXU1Drt+pCa74

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 7 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0684f33de1d13b5d82748f0f33438a83.exe
    "C:\Users\Admin\AppData\Local\Temp\0684f33de1d13b5d82748f0f33438a83.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4240
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 384
      2⤵
      • Program crash
      PID:3992
    • C:\Users\Admin\AppData\Local\Temp\0684f33de1d13b5d82748f0f33438a83.exe
      C:\Users\Admin\AppData\Local\Temp\0684f33de1d13b5d82748f0f33438a83.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3412
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 360
        3⤵
        • Program crash
        PID:1428
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 768
        3⤵
        • Program crash
        PID:3904
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 808
        3⤵
        • Program crash
        PID:2976
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 776
        3⤵
        • Program crash
        PID:1044
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 816
        3⤵
        • Program crash
        PID:4488
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 824
        3⤵
        • Program crash
        PID:208
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4240 -ip 4240
    1⤵
      PID:3416
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3412 -ip 3412
      1⤵
        PID:832
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3412 -ip 3412
        1⤵
          PID:4856
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 3412 -ip 3412
          1⤵
            PID:228
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3412 -ip 3412
            1⤵
              PID:2012
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3412 -ip 3412
              1⤵
                PID:3880
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 3412 -ip 3412
                1⤵
                  PID:1524

                Network

                      MITRE ATT&CK Matrix

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Temp\0684f33de1d13b5d82748f0f33438a83.exe
                        Filesize

                        205KB

                        MD5

                        565bec09a0706c5e003477209a87e2fc

                        SHA1

                        8f0cb17c03aa5c87d4196740ba67ff25fc3dcdf3

                        SHA256

                        173c6804f71241ac7ad9b85ba77de55db546418454e353e8775e225a52a8a891

                        SHA512

                        27fdf01afa7829c7616ae1fb6d30d72248f8816a727f48c507c65835e6d39ea0dfbac83ef2ccb6c8b04ef2b45ecfe4d8dae9525f339ca856ab97fef5b6345179

                        Download Submit

                      • memory/3412-7-0x0000000000400000-0x0000000000441000-memory.dmp

                        Filesize

                        260KB

                        Download

                      • memory/3412-8-0x0000000000400000-0x0000000000415000-memory.dmp

                        Filesize

                        84KB

                        Download

                      • memory/3412-9-0x0000000004DA0000-0x0000000004DE1000-memory.dmp

                        Filesize

                        260KB

                        Download

                      • memory/4240-0-0x0000000000400000-0x0000000000441000-memory.dmp

                        Filesize

                        260KB

                        Download

                      • memory/4240-6-0x0000000000400000-0x0000000000441000-memory.dmp

                        Filesize

                        260KB

                        Download