Overview

overview

7

Static

static

3

902f7cc8e6...3b.exe

windows7-x64

7

902f7cc8e6...3b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/06/2024, 00:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    902f7cc8e6623ebbb3a3d6514dea4f774749c25b183bdd0f18a4c12098ec183b.exe

  • Size

    203KB

  • MD5

    ce3a0d0a97a70e78edfbf52f2b7e14c8

  • SHA1

    09523263486a8a377efcc65e9d8827d968e11d97

  • SHA256

    902f7cc8e6623ebbb3a3d6514dea4f774749c25b183bdd0f18a4c12098ec183b

  • SHA512

    68b6ead7e46d30e9ad15df9880ff61a2c93b6a778dc1fe13710011c148fa3d1f7800016989b63df10e714d74e8cb5d34e877982eab30de197636f7325bfa9141

  • SSDEEP

    3072:TfLZ8mbGUFCvwb3qfKmHQvDpiso+F47RoBLL6X8h/oGtaTW0a0499aqO7aGSF2Y1:TzZ8SZSw7qnEwt8nhgGIMDauGsrG1B78

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\902f7cc8e6623ebbb3a3d6514dea4f774749c25b183bdd0f18a4c12098ec183b.exe
    "C:\Users\Admin\AppData\Local\Temp\902f7cc8e6623ebbb3a3d6514dea4f774749c25b183bdd0f18a4c12098ec183b.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 396
      2⤵
      • Program crash
      PID:2932
    • C:\Users\Admin\AppData\Local\Temp\902f7cc8e6623ebbb3a3d6514dea4f774749c25b183bdd0f18a4c12098ec183b.exe
      C:\Users\Admin\AppData\Local\Temp\902f7cc8e6623ebbb3a3d6514dea4f774749c25b183bdd0f18a4c12098ec183b.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3348
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 364
        3⤵
        • Program crash
        PID:4156
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2216 -ip 2216
    1⤵
      PID:3188
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3348 -ip 3348
      1⤵
        PID:1580

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\902f7cc8e6623ebbb3a3d6514dea4f774749c25b183bdd0f18a4c12098ec183b.exe
              Filesize

              203KB

              MD5

              2ae88065b3e8b37c648b593866938695

              SHA1

              936dcd05a5f3283df26e2971f1d2547698267e12

              SHA256

              4b9271146a53753a9a75573776c06d62771148e39d45d44966f702f40cf0fb66

              SHA512

              52fd6756a69d06407e44e62d645d76df75bf08bf3158b6d654f69fd0b8d19cc0f99807e994c81ba97dfe7ed7681a32a16f1570df672095ec9ba95529c60cbd71

              Download Submit

            • memory/2216-0-0x0000000000400000-0x000000000043F000-memory.dmp

              Filesize

              252KB

              Download

            • memory/2216-6-0x0000000000400000-0x000000000043F000-memory.dmp

              Filesize

              252KB

              Download

            • memory/3348-7-0x0000000000400000-0x000000000043F000-memory.dmp

              Filesize

              252KB

              Download

            • memory/3348-8-0x0000000000400000-0x000000000041A000-memory.dmp

              Filesize

              104KB

              Download

            • memory/3348-13-0x0000000004D90000-0x0000000004DCF000-memory.dmp

              Filesize

              252KB

              Download