Analysis
max time kernel: 93s
max time network: 94s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/06/2024, 07:19
Static task: static1
Behavioral task: behavioral1
  Sample: 32b41248083fbe55f8dc32636a2b94fe6b8c197d74ed04f0f29ed3bc6f06dc2e.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 32b41248083fbe55f8dc32636a2b94fe6b8c197d74ed04f0f29ed3bc6f06dc2e.exe
  Resource: win10v2004-20240426-en
General
Target: 32b41248083fbe55f8dc32636a2b94fe6b8c197d74ed04f0f29ed3bc6f06dc2e.exe
Size: 1.2MB
MD5: b7b6dbf0fe66feeb4bb05d0712bc91ec
SHA1: 75e5b9856d79dca435269c701c11e98cfeb80793
SHA256: 32b41248083fbe55f8dc32636a2b94fe6b8c197d74ed04f0f29ed3bc6f06dc2e
SHA512: 8735ef8b852e409fb6de657e4ba1fd87fbac25a4b5b552140b03c352c8d272bec6da2f2caaf6729d6269186d64e2529d49e1c3f880c826a7aa618eac2197bff9
SSDEEP: 24576:iAHnh+eWsN3skA4RV1Hom2KXMmHaPAYuULqajdlr8c5:lh+ZkldoPK8YaPsUqabf
Malware Config
Signatures

Program crash (1 IoCs)
  pid   pid_target   Process        procid_target
  3140  1764         WerFault.exe   81

Suspicious behavior: MapViewOfSection (1 IoCs)
  pid   Process
  1764  32b41248083fbe55f8dc32636a2b94fe6b8c197d74ed04f0f29ed3bc6f06dc2e.exe

Suspicious use of FindShellTrayWindow (2 IoCs)
  pid   Process
  1764  32b41248083fbe55f8dc32636a2b94fe6b8c197d74ed04f0f29ed3bc6f06dc2e.exe
  1764  32b41248083fbe55f8dc32636a2b94fe6b8c197d74ed04f0f29ed3bc6f06dc2e.exe

Suspicious use of SendNotifyMessage (2 IoCs)
  pid   Process
  1764  32b41248083fbe55f8dc32636a2b94fe6b8c197d74ed04f0f29ed3bc6f06dc2e.exe
  1764  32b41248083fbe55f8dc32636a2b94fe6b8c197d74ed04f0f29ed3bc6f06dc2e.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                                                                 procid_target
  PID 1764 wrote to memory of 4204   1764  32b41248083fbe55f8dc32636a2b94fe6b8c197d74ed04f0f29ed3bc6f06dc2e.exe  85
  PID 1764 wrote to memory of 4204   1764  32b41248083fbe55f8dc32636a2b94fe6b8c197d74ed04f0f29ed3bc6f06dc2e.exe  85
  PID 1764 wrote to memory of 4204   1764  32b41248083fbe55f8dc32636a2b94fe6b8c197d74ed04f0f29ed3bc6f06dc2e.exe  85
Processes

C:\Users\Admin\AppData\Local\Temp\32b41248083fbe55f8dc32636a2b94fe6b8c197d74ed04f0f29ed3bc6f06dc2e.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\32b41248083fbe55f8dc32636a2b94fe6b8c197d74ed04f0f29ed3bc6f06dc2e.exe"
  PID: 1764
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\svchost.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\32b41248083fbe55f8dc32636a2b94fe6b8c197d74ed04f0f29ed3bc6f06dc2e.exe"
    PID: 4204

  C:\Windows\SysWOW64\WerFault.exe
    command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 736
    PID: 3140
    - Program crash

C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1764 -ip 1764
  PID: 4016
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 266KB
MD5: d4efca06ee0ebf7f13a2e7e1704faa7a
SHA1: b7061e79336a2a417662bfb8dc74fd873a5c093c
SHA256: 25e79232436685bb339c3702e0d34e64d1823de12adc13d2ff66407bdc530fc0
SHA512: 4de0bcf20c5b975d62dd41d5f34596fe8b3f680a0f0ffc4ddf8efb3a5f76cb85616374e43343f07e7141a3fb1a8f0a025d0909cdad545a7ede0f9deb99f17e93