Overview

overview

7

Static

static

3

892d1cb7a3...4f.exe

windows7-x64

7

892d1cb7a3...4f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 02:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    892d1cb7a37285a13d24e5cdced0df2f16c58b3e91beebfbdd2f48b430577a4f.exe

  • Size

    416KB

  • MD5

    5aed73600a223aa279228bbc4f2bdfee

  • SHA1

    479bcff5b33ad26b1cc4774bb8e6e36610aa82e6

  • SHA256

    892d1cb7a37285a13d24e5cdced0df2f16c58b3e91beebfbdd2f48b430577a4f

  • SHA512

    e59a0d47b0bb8d5031f72b480efedc7d90f4b0da082f4edaea18177a965bf8cebe083cbde91a19eca72fa533aca6e419a48d05a5718e68aea72ae1a5be5bcc99

  • SSDEEP

    6144:ysLoN1v7oPsOvRFrMSX9aLisM+NeOV40saiigCD4H2cHwXWNz:ov4sOvjfX9aLisvNeOVQ5zCD4TyWNz

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\892d1cb7a37285a13d24e5cdced0df2f16c58b3e91beebfbdd2f48b430577a4f.exe
    "C:\Users\Admin\AppData\Local\Temp\892d1cb7a37285a13d24e5cdced0df2f16c58b3e91beebfbdd2f48b430577a4f.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4984
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 396
      2⤵
      • Program crash
      PID:1468
    • C:\Users\Admin\AppData\Local\Temp\892d1cb7a37285a13d24e5cdced0df2f16c58b3e91beebfbdd2f48b430577a4f.exe
      C:\Users\Admin\AppData\Local\Temp\892d1cb7a37285a13d24e5cdced0df2f16c58b3e91beebfbdd2f48b430577a4f.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3544
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 364
        3⤵
        • Program crash
        PID:3188
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4984 -ip 4984
    1⤵
      PID:3204
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3544 -ip 3544
      1⤵
        PID:1704

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\892d1cb7a37285a13d24e5cdced0df2f16c58b3e91beebfbdd2f48b430577a4f.exe
        Filesize

        416KB

        MD5

        dd80a55e7aa2a3e9f2f00be6bec36431

        SHA1

        91d9a94ffe1055c17ac73120c0f293928e16c375

        SHA256

        9bf34a64e7a98751c627fe6e130ae0db65dc08a4c9ceac7770870499387dadd2

        SHA512

        6827486a8d5b19d6719e0aa094cee2d792b19555907b3c5b4212d2ec9a8a20af79fa3be0887c980c9d45ee49755c2e89fa5b33fd5d32dc11f0633c5274cd9a0f

        Download Submit
      • memory/3544-7-0x0000000000400000-0x0000000000442000-memory.dmp
        Filesize

        264KB

        Download
      • memory/3544-8-0x0000000000400000-0x000000000041A000-memory.dmp
        Filesize

        104KB

        Download
      • memory/3544-13-0x0000000003D80000-0x0000000003DC2000-memory.dmp
        Filesize

        264KB

        Download
      • memory/4984-0-0x0000000000400000-0x0000000000442000-memory.dmp
        Filesize

        264KB

        Download
      • memory/4984-6-0x0000000000400000-0x0000000000442000-memory.dmp
        Filesize

        264KB

        Download