Analysis

  • max time kernel
    152s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-04-2024 17:00

General

  • Target

    ptu621.exe

  • Size

    5.0MB

  • MD5

    516e4e61cf92a3d6b17ad2c181c2a939

  • SHA1

    3f3f81dea9779a5d9d8478b0386867ccbe17d450

  • SHA256

    3cb1389aa245b496d15d20d25fcefa35f35f85744413205e90caa78f0805902c

  • SHA512

    143e0372ca5ca9c7197d4de69f595fb5b13d517db424331737274b252f16f4cec7490956d08618fcd823f9a9b42e95a7f0439c01a032568722dc864f2b3df71e

  • SSDEEP

    98304:RUxt0mBCcZbMMWl7ZSnSC/Ao4f2uZE+2N3wALB2QviKo8D5yEg9yUPvnoh8dKjn8:uEA7YURz4RZEL3Z2ElcTywrdKj7KNQ

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ptu621.exe
    "C:\Users\Admin\AppData\Local\Temp\ptu621.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5112
    • C:\Users\Admin\AppData\Local\Temp\ptu621Srv.exe
      C:\Users\Admin\AppData\Local\Temp\ptu621Srv.exe
      2⤵
      • Executes dropped EXE
      PID:4780
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 280
        3⤵
        • Program crash
        PID:3120
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 560
      2⤵
      • Program crash
      PID:5116
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4780 -ip 4780
    1⤵
    PID:3580
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 5112 -ip 5112
    1⤵
    PID:2880
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:1176

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ptu621Srv.exe
    Filesize

    74KB

    MD5

    cb458dd109a10f16c430dee34464cd8f

    SHA1

    1bc955db0463913cc7d0434c2318c9f2202240e0

    SHA256

    21aa1977c0d7d0404f97515d87d6f26f3f2c2b01d054be6056d119d33d3856e3

    SHA512

    5321f11d92150fdb07f94092fa97fe88bd45714237e4ba245b7f5fbfd4425857fa8d242858d4fd038d77ee7644d276dfb63b7403469ddaf1b53879f391c3f490

  • memory/4780-4-0x0000000000400000-0x0000000000433000-memory.dmp
    Filesize

    204KB

  • memory/4780-5-0x0000000000400000-0x0000000000433000-memory.dmp
    Filesize

    204KB

  • memory/5112-0-0x0000000000400000-0x0000000000CA5000-memory.dmp
    Filesize

    8.6MB

  • memory/5112-6-0x0000000000400000-0x0000000000CA5000-memory.dmp
    Filesize

    8.6MB