6df1e887a7656d964fb6472195a05a2a7eb083d5eb25836c51d5f86fd786bd7c | Triage

Analysis

max time kernel
141s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 01:40

Sharing

Report Analysis Logs

General

Target

RFQ-HL51L05.exe
Size

1.1MB
MD5

a7719f9298c67b4e4ce91b0004d33b8b
SHA1

45e89904dfaef5c5abf9f773ff12a24d3b50aca7
SHA256

a0a0fb07e86f86daca2883b96c5e33752eb4cbd08778bce91c40285efbc4e92f
SHA512

ab908cda8982a961f1c465a857b375193e2e855084b0c3f500ba6775b2bcb1e00f508cb9b4093da2c24d21ffb1e918b532e35f1723f1d5e9abe876ac4ffe026b
SSDEEP

24576:DAHnh+eWsN3skA4RV1Hom2KXMmHaz9n6cajbH5:Oh+ZkldoPK8Yaz51aB

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3264 4576 WerFault.exe RFQ-HL51L05.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

RFQ-HL51L05.exe

pid process

4576 RFQ-HL51L05.exe
4576 RFQ-HL51L05.exe
Suspicious use of SendNotifyMessage 2 IoCs

Processes:

RFQ-HL51L05.exe

pid process

4576 RFQ-HL51L05.exe
4576 RFQ-HL51L05.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

RFQ-HL51L05.exe

description	pid	process	target process
PID 4576 wrote to memory of 3076	4576	RFQ-HL51L05.exe	RegSvcs.exe
PID 4576 wrote to memory of 3076	4576	RFQ-HL51L05.exe	RegSvcs.exe
PID 4576 wrote to memory of 3076	4576	RFQ-HL51L05.exe	RegSvcs.exe

C:\Users\Admin\AppData\Local\Temp\RFQ-HL51L05.exe
"C:\Users\Admin\AppData\Local\Temp\RFQ-HL51L05.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4576

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Users\Admin\AppData\Local\Temp\RFQ-HL51L05.exe"
2⤵
PID:3076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 696
2⤵
- Program crash
PID:3264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 4576 -ip 4576
1⤵
PID:3884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4576-10-0x0000000003750000-0x0000000003754000-memory.dmp

Filesize
16KB

Download