88c674371347be9aaba3f87f39c576112e07ae2ae8a569b2b192eedb16e10dcc

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 23:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88c674371347be9aaba3f87f39c576112e07ae2ae8a569b2b192eedb16e10dcc.exe
Size

640KB
MD5

6d622f572873d52f2bc53d03fe342d67
SHA1

3a0b30f95afa7a56bce6a8b7842c9b0d9a8ad877
SHA256

88c674371347be9aaba3f87f39c576112e07ae2ae8a569b2b192eedb16e10dcc
SHA512

003b57602e7f89538e65ed0727172e2dd5e6c0ec7e54910e3e982bfaaaad28d0b9ab14d62dfb09c807c086ebf8d87dedd0008c34238faf6c0f8b883f8f112c13
SSDEEP

12288:tcuiRRqTKFKCQClacIWzq6D9d9pA6etej3uC+IOJ5D9d9j:t2Rq6iCtIjgZKnJpV

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
900	88c674371347be9aaba3f87f39c576112e07ae2ae8a569b2b192eedb16e10dcc.exe

Executes dropped EXE 1 IoCs

pid	Process
900	88c674371347be9aaba3f87f39c576112e07ae2ae8a569b2b192eedb16e10dcc.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
4424	1876	WerFault.exe	80
4772	900	WerFault.exe	84
3344	900	WerFault.exe	84
3468	900	WerFault.exe	84
5028	900	WerFault.exe	84
1956	900	WerFault.exe	84
4380	900	WerFault.exe	84

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1876	88c674371347be9aaba3f87f39c576112e07ae2ae8a569b2b192eedb16e10dcc.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
900	88c674371347be9aaba3f87f39c576112e07ae2ae8a569b2b192eedb16e10dcc.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 900	1876	88c674371347be9aaba3f87f39c576112e07ae2ae8a569b2b192eedb16e10dcc.exe	84
PID 1876 wrote to memory of 900	1876	88c674371347be9aaba3f87f39c576112e07ae2ae8a569b2b192eedb16e10dcc.exe	84
PID 1876 wrote to memory of 900	1876	88c674371347be9aaba3f87f39c576112e07ae2ae8a569b2b192eedb16e10dcc.exe	84

C:\Users\Admin\AppData\Local\Temp\88c674371347be9aaba3f87f39c576112e07ae2ae8a569b2b192eedb16e10dcc.exe
"C:\Users\Admin\AppData\Local\Temp\88c674371347be9aaba3f87f39c576112e07ae2ae8a569b2b192eedb16e10dcc.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 384
  2⤵
  - Program crash
  PID:4424
- C:\Users\Admin\AppData\Local\Temp\88c674371347be9aaba3f87f39c576112e07ae2ae8a569b2b192eedb16e10dcc.exe
  C:\Users\Admin\AppData\Local\Temp\88c674371347be9aaba3f87f39c576112e07ae2ae8a569b2b192eedb16e10dcc.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:900
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 352
    3⤵
    - Program crash
    PID:4772
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 768
    3⤵
    - Program crash
    PID:3344
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 788
    3⤵
    - Program crash
    PID:3468
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 776
    3⤵
    - Program crash
    PID:5028
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 780
    3⤵
    - Program crash
    PID:1956
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 812
    3⤵
    - Program crash
    PID:4380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1876 -ip 1876
1⤵
PID:2344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 900 -ip 900
1⤵
PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 900 -ip 900
1⤵
PID:3120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 900 -ip 900
1⤵
PID:372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 900 -ip 900
1⤵
PID:2700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 900 -ip 900
1⤵
PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 900 -ip 900
1⤵
PID:3648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\88c674371347be9aaba3f87f39c576112e07ae2ae8a569b2b192eedb16e10dcc.exe

Filesize
640KB

MD5
a71ce21fc5629ca6710ad3f2db4c57e5

SHA1
b63734deb1150214bc83ba1b303f5b07cf3373c6

SHA256
0d525c2b5f6c005c3b455851929ca65f6cae0329b4435e90d18709c482b594ff

SHA512
33925337bc84d30336c72b87e95bf91dd3e818758ae2b83f0f960b3ecc07f4726f925b1803eadf0f958400c2a22c5d98972f12da94a25329a4501510a1435414

Download Submit
memory/900-7-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/900-8-0x00000000014C0000-0x00000000014F6000-memory.dmp

Filesize
216KB

Download
memory/900-9-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1876-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1876-6-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download