Overview

overview

7

Static

static

3

5f9fa0d9b3...1a.exe

windows7-x64

7

5f9fa0d9b3...1a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/04/2024, 22:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5f9fa0d9b3af6a41bc94db36debc148e80257f2fd2b980c49d6b7788d833711a.exe

  • Size

    416KB

  • MD5

    49a4b56aa5ae1e3d26eabbc7f50d94fd

  • SHA1

    8af09cadb252df62186116304f137e3323f77ec1

  • SHA256

    5f9fa0d9b3af6a41bc94db36debc148e80257f2fd2b980c49d6b7788d833711a

  • SHA512

    79748f6f2153becf62debc96630dedf041c0d5cff6cd6461ae310fbe503027411f001fa7d1626703f939c31ea3d6eb18230843dbabef52a320955f501a38bd3b

  • SSDEEP

    6144:sH/Vj4JJFNd5d79H0W7cyqCxSngmMBqfycuPbUl0i5cD5J6KE:4ibbd7j0npM4dl0v5JdE

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 5 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f9fa0d9b3af6a41bc94db36debc148e80257f2fd2b980c49d6b7788d833711a.exe
    "C:\Users\Admin\AppData\Local\Temp\5f9fa0d9b3af6a41bc94db36debc148e80257f2fd2b980c49d6b7788d833711a.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2648
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 384
      2⤵
      • Program crash
      PID:2220
    • C:\Users\Admin\AppData\Local\Temp\5f9fa0d9b3af6a41bc94db36debc148e80257f2fd2b980c49d6b7788d833711a.exe
      C:\Users\Admin\AppData\Local\Temp\5f9fa0d9b3af6a41bc94db36debc148e80257f2fd2b980c49d6b7788d833711a.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4976
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 352
        3⤵
        • Program crash
        PID:4880
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 768
        3⤵
        • Program crash
        PID:3840
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 788
        3⤵
        • Program crash
        PID:1796
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 796
        3⤵
        • Program crash
        PID:2056
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 2648 -ip 2648
    1⤵
      PID:3192
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4976 -ip 4976
      1⤵
        PID:4948
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4976 -ip 4976
        1⤵
          PID:3960
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4976 -ip 4976
          1⤵
            PID:1488
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4976 -ip 4976
            1⤵
              PID:3128

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\5f9fa0d9b3af6a41bc94db36debc148e80257f2fd2b980c49d6b7788d833711a.exe
              Filesize

              416KB

              MD5

              82d697bc67961b7a3dc954ce658f62ff

              SHA1

              0e50fa0c94b3082d6005b9375f240402eb89fe90

              SHA256

              7eea53ef96f045983092ff7f29d2a979e0b9de8ec238111dd13cfb3eaceb9b22

              SHA512

              25ff1987f787304945e631513de2673688379e71378a0f887039bdd189013e9abff3e71e78d10ca24c9a1027c4c96e8e6ad79a643f9fcfd65989c13958b8bf1a

              Download Submit

            • memory/2648-0-0x0000000000400000-0x0000000000441000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2648-6-0x0000000000400000-0x0000000000441000-memory.dmp

              Filesize

              260KB

              Download

            • memory/4976-7-0x0000000000400000-0x0000000000441000-memory.dmp

              Filesize

              260KB

              Download

            • memory/4976-9-0x0000000000400000-0x0000000000415000-memory.dmp

              Filesize

              84KB

              Download

            • memory/4976-8-0x0000000001520000-0x0000000001561000-memory.dmp

              Filesize

              260KB

              Download