Overview

overview

7

Static

static

3

395dcd2532...8e.exe

windows7-x64

7

395dcd2532...8e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-06-2024 20:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    395dcd25323f9de18c6ad9873dd0d1e43be7bbafeea99a289b065a777c891a8e.exe

  • Size

    436KB

  • MD5

    7e0a309d45c675d2e1c699f3f5d27d67

  • SHA1

    5dced30773403822995b96b5deafd4f7c3710d52

  • SHA256

    395dcd25323f9de18c6ad9873dd0d1e43be7bbafeea99a289b065a777c891a8e

  • SHA512

    5216fe17d58025bfb3e1c6ac5e8fb017d7d944416f99d4cfcc3fb8e48f17602d1bca416b1692e7aef2bd9cfdf6901bbeb009eeb2a677ea2869ead233069f52cf

  • SSDEEP

    12288:ED24HuqI8p0LEaQkR0Juqv8kX9eHOdbIYjfOM2IIqtUV8nI1R+iKfz9cbzmkIE4o:ED2nviTtUV8nI1R+iKfz9cbzmkIE4SX3

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\395dcd25323f9de18c6ad9873dd0d1e43be7bbafeea99a289b065a777c891a8e.exe
    "C:\Users\Admin\AppData\Local\Temp\395dcd25323f9de18c6ad9873dd0d1e43be7bbafeea99a289b065a777c891a8e.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:968
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 396
      2⤵
      • Program crash
      PID:2872
    • C:\Users\Admin\AppData\Local\Temp\395dcd25323f9de18c6ad9873dd0d1e43be7bbafeea99a289b065a777c891a8e.exe
      C:\Users\Admin\AppData\Local\Temp\395dcd25323f9de18c6ad9873dd0d1e43be7bbafeea99a289b065a777c891a8e.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2484
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 372
        3⤵
        • Program crash
        PID:3628
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 968 -ip 968
    1⤵
      PID:2888
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 2484 -ip 2484
      1⤵
        PID:3284

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\395dcd25323f9de18c6ad9873dd0d1e43be7bbafeea99a289b065a777c891a8e.exe
        Filesize

        436KB

        MD5

        3e30a91d9521d329b00c37301501e7df

        SHA1

        032d5cc8e9ba605bc643bf6a3c2ba2a7b0e403c0

        SHA256

        dbc9398eb68f5723734be80ebdd1ddb0dee040f318bee50a47c457d3211bcb1b

        SHA512

        ba5711fcc6dca0b0565cf6d32a05fc7d374848bcc1f8c00324c5cba336ea94e73a92974670ecf0ac18c5976a7bee2a798f6007cc7ac6228c20b77be77bf3dea3

        Download Submit

      • memory/968-0-0x0000000000400000-0x0000000000438000-memory.dmp

        Filesize

        224KB

        Download

      • memory/968-7-0x0000000000400000-0x0000000000438000-memory.dmp

        Filesize

        224KB

        Download

      • memory/2484-6-0x0000000000400000-0x0000000000438000-memory.dmp

        Filesize

        224KB

        Download

      • memory/2484-8-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/2484-13-0x0000000000190000-0x00000000001C8000-memory.dmp

        Filesize

        224KB

        Download