Resubmissions

22-09-2021 14:15

210922-rkjp5sfecr 10

Analysis

  • max time kernel
    90s
  • max time network
    95s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    14-04-2024 14:43

General

  • Target

    017a7ccf3e5eb12c679dad6b9897c1ea788975d6e5e90e4ddf59df981dd11ec1.exe

  • Size

    527KB

  • MD5

    afca14738e00c61a837d450b38a3f067

  • SHA1

    bc07bcaa858fd87418563b54f1e3197a252c0ee8

  • SHA256

    017a7ccf3e5eb12c679dad6b9897c1ea788975d6e5e90e4ddf59df981dd11ec1

  • SHA512

    50f084c2ffd0b6592bea5face7092294003812421009e8241c8045c117aa9ae4e802bd4fb56398df06670ffbad57683c9157fc1b91a28443720b13fbf300772c

  • SSDEEP

    12288:I02PWw9C6hlSZ6g2G0yKHp1VbWabfBnXo:wPWwcOq6g2BVpxbVo

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\017a7ccf3e5eb12c679dad6b9897c1ea788975d6e5e90e4ddf59df981dd11ec1.exe
    "C:\Users\Admin\AppData\Local\Temp\017a7ccf3e5eb12c679dad6b9897c1ea788975d6e5e90e4ddf59df981dd11ec1.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:4212
    • C:\Users\Admin\AppData\Local\Temp\017a7ccf3e5eb12c679dad6b9897c1ea788975d6e5e90e4ddf59df981dd11ec1.exe
      "C:\Users\Admin\AppData\Local\Temp\017a7ccf3e5eb12c679dad6b9897c1ea788975d6e5e90e4ddf59df981dd11ec1.exe"
      2⤵
        PID:548
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 940
        2⤵
        • Program crash
        PID:4420
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4212 -ip 4212
      1⤵
        PID:3988

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\nsfA096.tmp\System.dll

        Filesize

        11KB

        MD5

        fccff8cb7a1067e23fd2e2b63971a8e1

        SHA1

        30e2a9e137c1223a78a0f7b0bf96a1c361976d91

        SHA256

        6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

        SHA512

        f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c