Resubmissions
22-09-2021 14:15
210922-rkjp5sfecr 10Analysis
-
max time kernel
90s -
max time network
95s -
platform
windows11-21h2_x64 -
resource
win11-20240412-en -
resource tags
arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system -
submitted
14-04-2024 14:43
Static task
static1
Behavioral task
behavioral1
Sample
017a7ccf3e5eb12c679dad6b9897c1ea788975d6e5e90e4ddf59df981dd11ec1.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
017a7ccf3e5eb12c679dad6b9897c1ea788975d6e5e90e4ddf59df981dd11ec1.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
017a7ccf3e5eb12c679dad6b9897c1ea788975d6e5e90e4ddf59df981dd11ec1.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral4
Sample
017a7ccf3e5eb12c679dad6b9897c1ea788975d6e5e90e4ddf59df981dd11ec1.exe
Resource
win11-20240412-en
General
-
Target
017a7ccf3e5eb12c679dad6b9897c1ea788975d6e5e90e4ddf59df981dd11ec1.exe
-
Size
527KB
-
MD5
afca14738e00c61a837d450b38a3f067
-
SHA1
bc07bcaa858fd87418563b54f1e3197a252c0ee8
-
SHA256
017a7ccf3e5eb12c679dad6b9897c1ea788975d6e5e90e4ddf59df981dd11ec1
-
SHA512
50f084c2ffd0b6592bea5face7092294003812421009e8241c8045c117aa9ae4e802bd4fb56398df06670ffbad57683c9157fc1b91a28443720b13fbf300772c
-
SSDEEP
12288:I02PWw9C6hlSZ6g2G0yKHp1VbWabfBnXo:wPWwcOq6g2BVpxbVo
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid Process 4212 017a7ccf3e5eb12c679dad6b9897c1ea788975d6e5e90e4ddf59df981dd11ec1.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
pid pid_target Process procid_target 4420 4212 WerFault.exe 77 -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4212 wrote to memory of 548 4212 017a7ccf3e5eb12c679dad6b9897c1ea788975d6e5e90e4ddf59df981dd11ec1.exe 80 PID 4212 wrote to memory of 548 4212 017a7ccf3e5eb12c679dad6b9897c1ea788975d6e5e90e4ddf59df981dd11ec1.exe 80 PID 4212 wrote to memory of 548 4212 017a7ccf3e5eb12c679dad6b9897c1ea788975d6e5e90e4ddf59df981dd11ec1.exe 80
Processes
-
C:\Users\Admin\AppData\Local\Temp\017a7ccf3e5eb12c679dad6b9897c1ea788975d6e5e90e4ddf59df981dd11ec1.exe"C:\Users\Admin\AppData\Local\Temp\017a7ccf3e5eb12c679dad6b9897c1ea788975d6e5e90e4ddf59df981dd11ec1.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4212 -
C:\Users\Admin\AppData\Local\Temp\017a7ccf3e5eb12c679dad6b9897c1ea788975d6e5e90e4ddf59df981dd11ec1.exe"C:\Users\Admin\AppData\Local\Temp\017a7ccf3e5eb12c679dad6b9897c1ea788975d6e5e90e4ddf59df981dd11ec1.exe"2⤵PID:548
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 9402⤵
- Program crash
PID:4420
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4212 -ip 42121⤵PID:3988
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11KB
MD5fccff8cb7a1067e23fd2e2b63971a8e1
SHA130e2a9e137c1223a78a0f7b0bf96a1c361976d91
SHA2566fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
SHA512f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c