a96d53be05f9e323bfcb590c05844e16c2bc4965ecfa82e7d6c4b61009afa963

Analysis

max time kernel
135s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04-05-2024 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

reWASD720-9014.exe
Size

28.6MB
MD5

e0a1e477533863ba0fd9a52c9c019c3f
SHA1

3a0f67d0dda47493fad9923d355cfe9609d25f01
SHA256

a96d53be05f9e323bfcb590c05844e16c2bc4965ecfa82e7d6c4b61009afa963
SHA512

8c959c5255dbb8d59288b869c5f151740744fd10b5ea513178aae6d5f2dad009e63a7e518c8cee53ef7fafe79efdb9dbec3c678ef0ba6c55eaf1e27f0267d981
SSDEEP

786432:cb5tGlzdlWhFVqxZCf39KtOq1zU3Olf36LvHb+UtpFhA:c1YjWhixZCsOq1zaOxCvHbhZA

Score

4^/10

Malware Config

Signatures

Loads dropped DLL 32 IoCs

pid	Process
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe
1936	reWASD720-9014.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1940	1936	WerFault.exe	83
3016	1936	WerFault.exe	83

C:\Users\Admin\AppData\Local\Temp\reWASD720-9014.exe
"C:\Users\Admin\AppData\Local\Temp\reWASD720-9014.exe"
1⤵
- Loads dropped DLL
PID:1936
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 1624
  2⤵
  - Program crash
  PID:1940
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 1640
  2⤵
  - Program crash
  PID:3016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1936 -ip 1936
1⤵
PID:4076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1936 -ip 1936
1⤵
PID:748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\7z.dll

Filesize
155KB

MD5
ad71a5e3a757aef0329aeda567f25a00

SHA1
97c766d85c9dabfcabd5a983fe165506d227a8ac

SHA256
f6b9ae6eaaedc55db0e381ec153892c122f1f257ada80cf242a20be8a2f117ef

SHA512
6852496fb8f59bea3ae46efd507d654ae27306d9f4f2f0dc0db8b03f9f63a3712e075b12f0ebdf6ea88db081fca4dd29be1555584aa70386ccb8297beef886ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\CHS.dll

Filesize
89KB

MD5
35aa2ac6cebebede5b663342ba1f6178

SHA1
00368404a7e694d6f567fe56b7e42db43a106d8c

SHA256
fdb80c7c9bcb62c580c5e42304d2328412abded30930cd54bc2803551eaf67dc

SHA512
d506f6b92bd6b632b922ef3aee19d1780f1e90fd2642d1e9dcc214e87d0e964ca56d853da69bd5be317eda9e3c4bb618e079da8baae981dfa1202a9d21297567

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\CHT.dll

Filesize
89KB

MD5
959afc91bb1d18d8ce4f06449cc47ed1

SHA1
b2cbd7fd177ac81be801dd5063895744c7cf50a6

SHA256
75aba801a8f43e3990ff55117ff1710b0390876b380b6dada98f81d67b6ac074

SHA512
a15c6c614bb28f84876a575576fe6a3b1c93b36c22cd93b667513824ea0434a66122deb058ed96c0533c2cf6be4ee1b946fa55d5d12df16f040d473ab03a81d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\DEU.dll

Filesize
220KB

MD5
d168ba8ee986301a11737bd592560f0a

SHA1
8218942a1c7e3ef86cb38ba3b148f65ab2f80deb

SHA256
8ef30ffb2115aad13b4b2392f439c272bd84f10102b62604b9c2bdd7b1ed5176

SHA512
f53c330eca40e8ca32a54a0334b95d0bd78d3822ed1491ef8f4efd45c49d550a96613daa58adea3bff3620252ad5cdd64e5614c0258cd80ae2ebd168184019d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\ENU.dll

Filesize
184KB

MD5
c594413179355220ccc0b94b23799636

SHA1
5ca84c0dcacbdcc2568a796f51480558f3773755

SHA256
fb1c6243f44e36a5cc21c6d26740cf1baa79e33f80fc905d6669136bfc94d97d

SHA512
ab6405fffcde398f3d54d2a1e253148c1a4cf49126f079cb02983f91cf0d2d07b37c0980993a36423fdef17f16150d00562c7ebf320dde4693adf449b6ef49c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\ESN.dll

Filesize
212KB

MD5
1558df68a8da15f97f211d2d537d8950

SHA1
2c2f26cba5ce904f09a845b595e08d93a33f0594

SHA256
0001267e0e028bd17030a049a9735c4de8f1be3552fbae700d178ef7e5dd2e34

SHA512
1f6431704fac59ad13557e92c8625a80a95337dc7ca0a4ee18125cbc1a57330aca0e7dec05723d93e1e0ad0ae7e8f76ac711ea521a0d175bbd04d4e54e82c3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\FRA.dll

Filesize
227KB

MD5
6054457d7e214be18072cdf564eccdfd

SHA1
1b94041da6cd5516ba6e8984534bf81c58d8ec21

SHA256
79472103b4f1f132133080e8c2620be4ca90004ac3b2ce103a162fe0745a7f9d

SHA512
45ee93633d75b5fdfb2199d7b4c671b5d0cb2dc5e7c80f11c1b261408fec1deb3cbc44901fd8869ff7cec8b91f269a661baed02b074af1929884f5d714325638

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\IND.dll

Filesize
201KB

MD5
008534924f27829755088166abc5965d

SHA1
333fd1dc308b3e5e52ebb2d1bab54a695fe09a85

SHA256
3d265e98dce385d26352ec05a265bc44fa601f86861a97f42638beba3a7fa1d4

SHA512
0e060a13b6df1c32d7ce32d57fb31c85e81675e781bed6e43f486b9dfb897659d6e099293a1c3cda3c589134d51b9c2617ac1d3945a20f9e93e0fd261d62d3c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\ITA.dll

Filesize
214KB

MD5
747797df5e68451e8fbc7d3f59b4ff49

SHA1
a330a564d9dcfdcaed7c2336f71147b3b94125ee

SHA256
50472ae514868bc01fee7565e1c75f5ae57c2e126d4849440ba03b9c79bddfdc

SHA512
205332b2b0b28d5a27c6ced9fe0adef21d402935df7267c8f19671b4141d2ae0148b4529c779d9735cca85d877dd9fc67fc85d761a0409488a61dd23fff32876

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\JPN.dll

Filesize
116KB

MD5
b4b72f3f3868f3058a9f559dc518c16a

SHA1
a0597dbae97198390d10789f97db311a39c242f3

SHA256
68ddaf1f9f6d16e1458377457c9390f62b99a43e53c1d4e7020c9b20ee94a6d3

SHA512
46aff00c1186021309a2c4f38b175bf2482e99c4c4c18ac1d03e20585782bd888c0dfcecd47ddaaaf367a754c33bb4e65bac83edb002c6bf5b1e0d61af2a01db

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\PLK.dll

Filesize
212KB

MD5
ca895e1c2741d2e4f28ec6bf277e95d3

SHA1
141b4f04b36789437091aaff34d8799b161549bb

SHA256
98a228b0688a2066d1dd58b62e17eb1964c3ae3d44ee76cc2b0c067a4b4f36e8

SHA512
37f96c3d4b7c4290a902830fb3f25f1dd6b90ecb3025a4757bb2e9d2b715d4ffcdc0d338418352fd47e18269df8a59ae751c35bfe226a3d76d67ab05562d6a2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\PTB.dll

Filesize
208KB

MD5
69cd8d380ab6cc33d411ac92180ddc3a

SHA1
72f0a1d0bf3c94d97968412ae66f47ac41344749

SHA256
8e195d1a0e9f7ce0af2d1e6af2c8a1fad7fdbe6d64d0280c2e3848ce3359ffed

SHA512
233821c7f0efd0f730407430272281c77cca00191be2c94810a03650e14a94382d6b62f9dc72b21afb5c074b12f08e49ebcf66339f8e87a946ec5668c8f500ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\RUS.dll

Filesize
201KB

MD5
6b1c095b92bfbf1c1d9dd7edcf331cdc

SHA1
0c8b2d9d5a40fac8ac75c9e83a60b207197155d3

SHA256
67931017d01109197c43c7a0189f07996f4f6d00746ccbebb46746afcf3e05a4

SHA512
94d176062a0aa437ef8409af25c624f2df763746ccd2e08c23a5c051d14234c1053d687ab01b97c1aee71233290810021ca19780f781178828b0c9072ad71b4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\TRK.dll

Filesize
213KB

MD5
066b311f6e8a1f9f5b4fde22d1263312

SHA1
8dd21ee287415f22f161ab0bc85d1376343ada83

SHA256
565abbd3eb23191488ba81f6f1ef24fd558190d073758ca8ed3478a03be5a906

SHA512
a1ffc51bb6275838de0c6b1888fb6f0c0ecf103a871bda0734df8e14f875780a13e763ddbc8f856482a3898a9bad50bbcb4bfda3ef20fe61d9a071598c89b2e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\UKR.dll

Filesize
199KB

MD5
7a70aa6b6adb6614e48af3cd442279c2

SHA1
dac51f7bb444d3473bd1ffefef6b27ebbf9c6e8b

SHA256
c7aa59bd97cefaeae171249036cc6344170ace67132af00d6caf4a202cda7e78

SHA512
98738a5a4ad6497de2c45eab79a01f69ebe27b49ffd7a867df29b3f0a0b177c3dc8c5e6a1500944d019ff544416a0d191ccc922722879eb83f415b15d4f4eae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\setuphlp.dll

Filesize
305KB

MD5
d23815104f35f3903efef8f769630c41

SHA1
85014f046b6e009b273eda4c19feb0304cb35349

SHA256
18256cfc62c24427ad0d02232906863b12945673b04d20be484bc21f58edcd48

SHA512
5e374e61d9f84f1d41751d092172a891acac76e46f1e36c305fe64151155d578156fa992c9e73dda8679836a217e3d0b6ea734d08e4ed1c1f90f3fa6c178b8be

Download Submit
memory/1936-0-0x0000000074EDE000-0x0000000074EDF000-memory.dmp

Filesize
4KB

Download
memory/1936-9-0x00000000073E0000-0x0000000007456000-memory.dmp

Filesize
472KB

Download
memory/1936-40-0x000000006EAB0000-0x000000006EAFF000-memory.dmp

Filesize
316KB

Download
memory/1936-4-0x0000000006F00000-0x0000000006F0A000-memory.dmp

Filesize
40KB

Download
memory/1936-3-0x0000000006F20000-0x0000000006F32000-memory.dmp

Filesize
72KB

Download
memory/1936-2-0x0000000074ED0000-0x0000000075680000-memory.dmp

Filesize
7.7MB

Download
memory/1936-1-0x00000000007B0000-0x0000000002446000-memory.dmp

Filesize
28.6MB

Download
memory/1936-10-0x0000000007460000-0x000000000747E000-memory.dmp

Filesize
120KB

Download
memory/1936-103-0x0000000007D70000-0x0000000007DB0000-memory.dmp

Filesize
256KB

Download
memory/1936-104-0x0000000074ED0000-0x0000000075680000-memory.dmp

Filesize
7.7MB

Download
memory/1936-105-0x000000006EAB0000-0x000000006EAFF000-memory.dmp

Filesize
316KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads