Analysis

  • max time kernel
    146s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240412-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    24-04-2024 02:03

General

  • Target

    f69561433962f52a78eb8a5d4c8a1d7ad19e80130f8cb2eed05dc2a5596b3cfb.exe

  • Size

    1.0MB

  • MD5

    729bcbff996ee7d98468706cb137c3b4

  • SHA1

    7dcfab826d6de30c2c680384b897afb78180b683

  • SHA256

    f69561433962f52a78eb8a5d4c8a1d7ad19e80130f8cb2eed05dc2a5596b3cfb

  • SHA512

    a25405d061daadfd17ee1ba1d154a17f8c9b77ceb3a9ad5cd8393bce52a9fb9520422a01e4288968d8518a867bdcb1b2b1e8ef8216064060757eb52202e80c57

  • SSDEEP

    24576:TAHnh+eWsN3skA4RV1Hom2KXMmHaSeL73W3x3uSL55:eh+ZkldoPK8YaSeL738x3l

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f69561433962f52a78eb8a5d4c8a1d7ad19e80130f8cb2eed05dc2a5596b3cfb.exe
    "C:\Users\Admin\AppData\Local\Temp\f69561433962f52a78eb8a5d4c8a1d7ad19e80130f8cb2eed05dc2a5596b3cfb.exe"
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3400
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\AppData\Local\Temp\f69561433962f52a78eb8a5d4c8a1d7ad19e80130f8cb2eed05dc2a5596b3cfb.exe"
      2⤵
      PID:3884
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 696
      2⤵
      • Program crash
      PID:1988
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3400 -ip 3400
    1⤵
    PID:752
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
    PID:1476
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k UnistackSvcGroup
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3500

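The process tree records one detail worth a check of its own: RegSvcs.exe (PID 3884) was started by the sample (PID 3400) with the sample's own path as its command line, while the parent also triggered the WriteProcessMemory and MapViewOfSection signatures and then crashed (both WerFault instances report on PID 3400). The report does not name a technique for this, so the script below only scores what is visible: an image/command-line mismatch, escalated when the parent shows injection-capable API use, and cross-referenced with WerFault -p targets. This is an added example, not part of the report or of the sandbox's tooling; the record layout (pid, ppid, image, cmdline, signatures) is this example's own convention, and the ppid values are read off the tree nesting above (the 2⤵ entries are children of PID 3400), with level-1 processes given ppid=None because the report does not state their parent.

```python
"""Flag processes whose command line names a different executable than their
image, the pattern seen above for RegSvcs.exe (PID 3884).

Added example: not part of the original report and not the sandbox's own
tooling. Record layout (pid, ppid, image, cmdline, signatures) is this
example's convention; ppid is taken from the tree nesting in the report, and
level-1 processes get ppid=None because their parent is not stated.
"""
from pathlib import PureWindowsPath

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\f69561433962f52a78eb8a5d4c8a1d7ad19e80130f8cb2eed05dc2a5596b3cfb.exe")

# Transcribed from the Processes section of the report.
PROCESSES = [
    {"pid": 3400, "ppid": None, "image": SAMPLE, "cmdline": f'"{SAMPLE}"',
     "signatures": ["MapViewOfSection", "FindShellTrayWindow",
                    "SendNotifyMessage", "WriteProcessMemory"]},
    {"pid": 3884, "ppid": 3400,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
     "cmdline": f'"{SAMPLE}"', "signatures": []},
    {"pid": 1988, "ppid": 3400, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 696",
     "signatures": ["Program crash"]},
    {"pid": 752, "ppid": None, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3400 -ip 3400",
     "signatures": []},
    {"pid": 1476, "ppid": None, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r'"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe',
     "signatures": []},
    {"pid": 3500, "ppid": None, "image": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"C:\Windows\System32\svchost.exe -k UnistackSvcGroup",
     "signatures": ["AdjustPrivilegeToken"]},
]

# Parent-side signatures that make a child's image/command-line mismatch worth
# escalating: writing a payload into another process needs these APIs.
INJECTION_APIS = {"WriteProcessMemory", "MapViewOfSection"}


def argv0(cmdline: str) -> str:
    """Executable named by a Windows command line: the quoted first token, or
    everything up to the first whitespace when unquoted."""
    s = cmdline.lstrip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end != -1 else s[1:]
    return s.split(None, 1)[0] if s else ""


def werfault_targets(processes):
    """Map crashed PID -> WerFault PIDs reporting on it (from the -p argument)."""
    targets = {}
    for p in processes:
        if PureWindowsPath(p["image"]).name.lower() != "werfault.exe":
            continue
        argv = p["cmdline"].split()
        if "-p" in argv and argv.index("-p") + 1 < len(argv):
            targets.setdefault(int(argv[argv.index("-p") + 1]), []).append(p["pid"])
    return targets


def find_mismatches(processes):
    """Processes whose argv[0] basename differs from their image basename,
    annotated with the parent's injection-capable signatures and with any
    WerFault reports filed against the parent."""
    by_pid = {p["pid"]: p for p in processes}
    crashes = werfault_targets(processes)
    findings = []
    for p in processes:
        image_exe = PureWindowsPath(p["image"]).name.lower()
        cmd_exe = PureWindowsPath(argv0(p["cmdline"])).name.lower()
        if image_exe == cmd_exe:
            continue
        parent = by_pid.get(p["ppid"])
        parent_apis = sorted(INJECTION_APIS & set(parent["signatures"])) if parent else []
        findings.append({
            "pid": p["pid"], "image": image_exe, "cmdline_exe": cmd_exe,
            "ppid": p["ppid"], "parent_injection_apis": parent_apis,
            "parent_crash_reports": crashes.get(p["ppid"], []),
        })
    return findings


if __name__ == "__main__":
    for finding in find_mismatches(PROCESSES):
        print(finding)
```

Run against the transcribed tree this yields a single finding: PID 3884, image regsvcs.exe, command line naming the sample, parent 3400 with both MapViewOfSection and WriteProcessMemory, and crash reports 1988 and 752 against the parent. A mismatch on its own is weak evidence, since CreateProcess takes the application name and the command line as separate arguments and some legitimate launchers use that freedom; it is the combination with the parent's API use, and ideally a look at the child's memory regions, that makes it worth an analyst's time.
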
Network

MITRE ATT&CK Matrix

Downloads

  • memory/3400-10-0x0000000003730000-0x0000000003734000-memory.dmp
    Filesize
    16KB
  • memory/3500-11-0x0000020EF3940000-0x0000020EF3950000-memory.dmp
    Filesize
    64KB
  • memory/3500-27-0x0000020EF3A40000-0x0000020EF3A50000-memory.dmp
    Filesize
    64KB
  • memory/3500-43-0x0000020EFBD30000-0x0000020EFBD31000-memory.dmp
    Filesize
    4KB
  • memory/3500-45-0x0000020EFBD60000-0x0000020EFBD61000-memory.dmp
    Filesize
    4KB
  • memory/3500-46-0x0000020EFBD60000-0x0000020EFBD61000-memory.dmp
    Filesize
    4KB
  • memory/3500-47-0x0000020EFBE70000-0x0000020EFBE71000-memory.dmp
    Filesize
    4KB