Analysis
-
max time kernel
141s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
22-05-2024 02:32
General
-
Target
87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe
-
Size
912KB
-
MD5
489e1fae49f440d756e8a9909ebb216e
-
SHA1
1ba4b116c5a6522f119072a73f22296bf480a9a6
-
SHA256
87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324
-
SHA512
8b84cb877d00063b654412ab2c9ed05f510976b35e01cc11d7281baaf017f14129cf6f25fc81fa40d65494ea951411e74c27c4dae42df53763942b58abb13750
-
SSDEEP
12288:5vo5RPxfakFRlrm1rPmytG3fJgYjVDa/ZS9anFY:sNacjjCOa/ZSUnK
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Program crash 3 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of UnmapMainImage 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe"C:\Users\Admin\AppData\Local\Temp\87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe"1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 3442⤵
- Program crash
-
C:\Users\Admin\AppData\Local\Temp\87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exeC:\Users\Admin\AppData\Local\Temp\87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 2083⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 2083⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4664 -ip 46641⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4896 -ip 48961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4896 -ip 48961⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3684 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exeFilesize
912KB
MD599795227fe01d534773dc246729d6884
SHA16ef0a5f9f22c8640c65e4ac00024ebad6f108a18
SHA25638bf4fa0089593a4a261ea4d9904c932d97a027fbcb04dbc7f0d642333a3d00f
SHA51201ea87675c6af3942a6277c6323720e39feed4a317eaba5ea03d0a3eae521a683cd408604bad89522f9d826827c455c90640e9ea09cafbc90d86935a6d14b185
-
memory/4664-0-0x0000000000400000-0x00000000004EE000-memory.dmpFilesize
952KB
-
memory/4664-6-0x0000000000400000-0x00000000004EE000-memory.dmpFilesize
952KB
-
memory/4896-7-0x0000000000400000-0x00000000004EE000-memory.dmpFilesize
952KB
-
memory/4896-8-0x0000000005000000-0x00000000050EE000-memory.dmpFilesize
952KB
-
memory/4896-9-0x0000000000400000-0x00000000004A3000-memory.dmpFilesize
652KB