79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183

Analysis

max time kernel
66s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
28/04/2024, 22:53 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183.exe
Size

320KB
MD5

a121a17e533b1855b8942025d6a8fb61
SHA1

935ddfe88d0449877ebf9e058883f917a331432f
SHA256

79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183
SHA512

53bd0bab6aa6f0779bf500aca1dc25245671e83c920476adec522147e57ad0e9a4fe90441557a458c3e6259f63702c789496865973467613cecaca13b337c303
SSDEEP

6144:KQFNjeCCCCKb9EMU/NELJjaMOJZitfXzV40saiigCz:KQFJnCKhG1UJmMQZitfzVQ5zCz

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
5032	79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183.exe

Executes dropped EXE 1 IoCs

pid	Process
5032	79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
232	3936	WerFault.exe	84
676	5032	WerFault.exe	90

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3936	79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
5032	79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3936 wrote to memory of 5032	3936	79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183.exe	90
PID 3936 wrote to memory of 5032	3936	79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183.exe	90
PID 3936 wrote to memory of 5032	3936	79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183.exe	90

C:\Users\Admin\AppData\Local\Temp\79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183.exe
"C:\Users\Admin\AppData\Local\Temp\79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3936
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 396
  2⤵
  - Program crash
  PID:232
- C:\Users\Admin\AppData\Local\Temp\79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183.exe
  C:\Users\Admin\AppData\Local\Temp\79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:5032
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 364
    3⤵
    - Program crash
    PID:676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3936 -ip 3936
1⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 5032 -ip 5032
1⤵
PID:1364

Network

DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

No results found

8.8.8.8:53

g.bing.com

dns

280 B
5

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Request

g.bing.com
8.8.8.8:53

g.bing.com

dns

280 B
5

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Request

g.bing.com

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183.exe

Filesize
320KB

MD5
fef7e01e1d02189a6ccaa16db3862daa

SHA1
852aa6f25ba69a01cc7f04421c23f6e80f138ff6

SHA256
e0ec1ee00f6c8f4d95d6b36cdcb82aa46cced79af98907f47f0a28ae299fa27e

SHA512
474da27b3c777714d81f060c488773dec7dc9f9897f90d99d12300c6a9fe73e49e96824d693a1a4d058733d8a2219d79dfbbfd40c4b250cbc3f7bc11ea4fdf46

Download Submit
memory/3936-0-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3936-6-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5032-7-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5032-8-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/5032-13-0x0000000003D70000-0x0000000003DB0000-memory.dmp

Filesize
256KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.