Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/06/2024, 04:53

General

  • Target

    a4dc89c484188141b7c627fc86ee967da3298f9b905762dce3d5acc03d021184.exe

  • Size

    2.5MB

  • MD5

    66f59c51e548362c3deb73e5d284b471

  • SHA1

    fe2badaf7bdf59f9edd5e933c7d035b7ba6b646e

  • SHA256

    a4dc89c484188141b7c627fc86ee967da3298f9b905762dce3d5acc03d021184

  • SHA512

    fe25c422285f1253902109ee76097cc8f5926a84cb3d1066bbc886134909c1ff1de32d222c0a759209eafcdb943faade3663dd110a854b3e990920d2e9adb64e

  • SSDEEP

    49152:DbNBfg/evwCzzQlQbCvuKiTjvF55E2brCVNJT0zcT/nDzxILkS:y+CvuKir5E2br0v0

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 2 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a4dc89c484188141b7c627fc86ee967da3298f9b905762dce3d5acc03d021184.exe
    "C:\Users\Admin\AppData\Local\Temp\a4dc89c484188141b7c627fc86ee967da3298f9b905762dce3d5acc03d021184.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    PID:3620
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 716
      2⤵
      • Program crash
      PID:1356
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 3620 -ip 3620
    1⤵
      PID:2028

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads