33079a9135bbb33fcbce48358e267bf21c218fd3f86de19afd775b63d6ed11b1

General

Target

965f5894b0caefdbbcceb5da730ab025.exe
Size

1.2MB
MD5

965f5894b0caefdbbcceb5da730ab025
SHA1

fc275e9aa8dc0200d6fc0855ef45931b7972e4c9
SHA256

33079a9135bbb33fcbce48358e267bf21c218fd3f86de19afd775b63d6ed11b1
SHA512

06cf470ee6be5ca162eb90f2982bd0d86dd08a8682cb7cef50e1c90f23856c6a655cb521a46ce09f97a1ec6294ba20fd2c01199df4d767df2249f91101df06f7
SSDEEP

24576:N7blAjUnKsYlckuiGPseXwJvnCjivYPd1MwSw67aRq8Imj4YC:N75mUiduifyefqikg+sm8YC

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1376	965f5894b0caefdbbcceb5da730ab025.tmp
1384	zu.exe

Loads dropped DLL 2 IoCs

pid	Process
1376	965f5894b0caefdbbcceb5da730ab025.tmp
1376	965f5894b0caefdbbcceb5da730ab025.tmp

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1368	1376	WerFault.exe	92
4988	1376	WerFault.exe	92

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1588 wrote to memory of 1376	1588	965f5894b0caefdbbcceb5da730ab025.exe	92
PID 1588 wrote to memory of 1376	1588	965f5894b0caefdbbcceb5da730ab025.exe	92
PID 1588 wrote to memory of 1376	1588	965f5894b0caefdbbcceb5da730ab025.exe	92
PID 1376 wrote to memory of 1384	1376	965f5894b0caefdbbcceb5da730ab025.tmp	93
PID 1376 wrote to memory of 1384	1376	965f5894b0caefdbbcceb5da730ab025.tmp	93
PID 1376 wrote to memory of 1384	1376	965f5894b0caefdbbcceb5da730ab025.tmp	93

C:\Users\Admin\AppData\Local\Temp\965f5894b0caefdbbcceb5da730ab025.exe
"C:\Users\Admin\AppData\Local\Temp\965f5894b0caefdbbcceb5da730ab025.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1588
- C:\Users\Admin\AppData\Local\Temp\is-40Q1V.tmp\965f5894b0caefdbbcceb5da730ab025.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-40Q1V.tmp\965f5894b0caefdbbcceb5da730ab025.tmp" /SL5="$70172,1022294,57856,C:\Users\Admin\AppData\Local\Temp\965f5894b0caefdbbcceb5da730ab025.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1376
- - C:\Users\Admin\AppData\Local\Temp\is-3H82E.tmp\zu.exe
    "C:\Users\Admin\AppData\Local\Temp\is-3H82E.tmp\zu.exe" -o -P pwzx bb.zip
    3⤵
    - Executes dropped EXE
    PID:1384
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 952
    3⤵
    - Program crash
    PID:1368
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 960
    3⤵
    - Program crash
    PID:4988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1376 -ip 1376
1⤵
PID:936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 1376 -ip 1376
1⤵
PID:1536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
1⤵
PID:4628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-3H82E.tmp\Uninstall.dll

Filesize
381KB

MD5
c1379673f4da2288dd760469c1f8e82b

SHA1
b130f84e58cb596139d0432eef15da0fce5340de

SHA256
0b4f243b6d1580260440430a1c6a5d2e74f3e8e13360869afd774f21b8e8ecb6

SHA512
956e96b6b161996ad7ea3f20e7a9e95751515aab4e2e301aadd66b95783b66743f552a85f00b6feb2aa8744214c314395b56fb04397b1d9b8332b7db6cf67fbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3H82E.tmp\_locale.nls

Filesize
708KB

MD5
d11f58daf5eeeee12ee04c1d92750774

SHA1
9890b9b80e11b9acd259f14795c237602ac13ccb

SHA256
2a41ca5721fdf2d185d905b9798d7fd7577e22136e1e1ab7501c6e29fc83c6bf

SHA512
ab448ef42ef4cb282b4ecb025a1e673385d2ad781ff8127654ac60a577a33251d0fc7c4e1afe28fcd6e58f27cbb72e77a39d889e275835e71efb7dcd8bbf4607

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3H82E.tmp\bb.zip

Filesize
875KB

MD5
fddef661b25229f14803ac310b998a19

SHA1
0ba60f48cdddc350f408a4a7dff70fa1d8ae1b2a

SHA256
0352a4f9bb4959fe75c7005028073e829779fb14f070ad17d8e7e2172f0a3b3b

SHA512
b1a93babfa39d4717055fd2b19218267bea4978b8ac4357550d5314fb6f30585a6d2a6bed98dd2950c42e68ae7820946c451ad03be7d65a9a4196dc5e063d345

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3H82E.tmp\zu.exe

Filesize
164KB

MD5
75375c22c72f1beb76bea39c22a1ed68

SHA1
e1652b058195db3f5f754b7ab430652ae04a50b8

SHA256
8d9b5190aace52a1db1ac73a65ee9999c329157c8e88f61a772433323d6b7a4a

SHA512
1b396e78e189185eefb8c6058aa7e6dfe1b8f2dff8babfe4ffbee93805467bf45760eea6efb8d9bb2040d0eaa56841d457b1976dcfe13ed67931ade01419f55a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-40Q1V.tmp\965f5894b0caefdbbcceb5da730ab025.tmp

Filesize
697KB

MD5
832dab307e54aa08f4b6cdd9b9720361

SHA1
ebd007fb7482040ecf34339e4bf917209c1018df

SHA256
cc783a04ccbca4edd06564f8ec88fe5a15f1e3bb26cec7de5e090313520d98f3

SHA512
358d43522fd460eb1511708e4df22ea454a95e5bc3c4841931027b5fa3fb1dda05d496d8ad0a8b9279b99e6be74220fe243db8f08ef49845e9fb35c350ef4b49

Download Submit
memory/1376-6-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/1376-21-0x0000000003A80000-0x0000000003AE5000-memory.dmp

Filesize
404KB

Download
memory/1376-23-0x0000000003CC0000-0x0000000003E80000-memory.dmp

Filesize
1.8MB

Download
memory/1376-28-0x0000000003CC0000-0x0000000003E80000-memory.dmp

Filesize
1.8MB

Download
memory/1376-27-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/1376-32-0x0000000003A80000-0x0000000003AE5000-memory.dmp

Filesize
404KB

Download
memory/1588-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1588-2-0x0000000000401000-0x000000000040C000-memory.dmp

Filesize
44KB

Download
memory/1588-26-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1588-37-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads