Overview

overview

7

Static

static

3

53a5e3f7d2...31.exe

windows7-x64

7

53a5e3f7d2...31.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/06/2024, 21:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    53a5e3f7d2044c1ed7a31789815af79627923b51276fcb27bef77e00d891fc31.exe

  • Size

    216KB

  • MD5

    138ec3aaf8ede4010f6d134ada678bed

  • SHA1

    2d1c7403faa76f36c755fcded8c8b65de5a66b39

  • SHA256

    53a5e3f7d2044c1ed7a31789815af79627923b51276fcb27bef77e00d891fc31

  • SHA512

    9e3585e5edf79a50701bdc00523bd0c8728a921fccaeb531850f2c41bda1dcf54b6b1a3eb4d2747f580b8f8e147e971469f847e1cc5ece1f11b65d15bf06bbf6

  • SSDEEP

    6144:nV97Gd8Va/ZnfGn9dj4RYam8BD41XBcc11fhxaxP3G6WB3:3Gd8QZnfo9d0YaFDG11fhxai3

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\53a5e3f7d2044c1ed7a31789815af79627923b51276fcb27bef77e00d891fc31.exe
    "C:\Users\Admin\AppData\Local\Temp\53a5e3f7d2044c1ed7a31789815af79627923b51276fcb27bef77e00d891fc31.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:5100
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 396
      2⤵
      • Program crash
      PID:2724
    • C:\Users\Admin\AppData\Local\Temp\53a5e3f7d2044c1ed7a31789815af79627923b51276fcb27bef77e00d891fc31.exe
      C:\Users\Admin\AppData\Local\Temp\53a5e3f7d2044c1ed7a31789815af79627923b51276fcb27bef77e00d891fc31.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:644
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 364
        3⤵
        • Program crash
        PID:964
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 5100 -ip 5100
    1⤵
      PID:4392
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 644 -ip 644
      1⤵
        PID:4148

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\53a5e3f7d2044c1ed7a31789815af79627923b51276fcb27bef77e00d891fc31.exe
              Filesize

              216KB

              MD5

              3a06ec65d40b805a7267aef732c5a9bb

              SHA1

              c5abbb98159ba807fa5ea50df30eed4a2a4ba651

              SHA256

              95e3cf51a8877e58d1d2ae1d7a9b530fb6a331342228c7698f9d7f8064835958

              SHA512

              e945cb8c8e95d83f07073834775c7fd778693972808d8dd776b44a17988cc6098ed1bc85ecc9a9cfdeb97fcfe6b10d44f33de4e5f37922626b1adbc7c76c918f

              Download Submit

            • memory/644-7-0x0000000000400000-0x000000000043F000-memory.dmp

              Filesize

              252KB

              Download

            • memory/644-8-0x0000000000400000-0x000000000041A000-memory.dmp

              Filesize

              104KB

              Download

            • memory/644-13-0x0000000004DA0000-0x0000000004DDF000-memory.dmp

              Filesize

              252KB

              Download

            • memory/5100-0-0x0000000000400000-0x000000000043F000-memory.dmp

              Filesize

              252KB

              Download

            • memory/5100-6-0x0000000000400000-0x000000000043F000-memory.dmp

              Filesize

              252KB

              Download