Overview

overview

7

Static

static

3

0e7460d5c7...43.exe

windows7-x64

7

0e7460d5c7...43.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-07-2024 21:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0e7460d5c785cf47ec4746f1045e9dfac4b038703549635ad71bf4e7800e2743.exe

  • Size

    448KB

  • MD5

    8c23d4da041648056f2aeef1d3821fc0

  • SHA1

    ed33789d1d2fe0ad940caf58b89179b04cbe2d4a

  • SHA256

    0e7460d5c785cf47ec4746f1045e9dfac4b038703549635ad71bf4e7800e2743

  • SHA512

    3dd1499a2677c385f3baea68c4058a4c66927debacb10b5d569589ff59c45552cb6761265092b2c42f24371f6e05c5e62593945c8d080d561a2859d4a1a7671a

  • SSDEEP

    6144:5LiHv5tgNOZUVVCf8OoI82wwiWhV40saiigCD4H2cHwXWNzDw:585JZU/aoIfwPWhVQ5zCD4TyWN4

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e7460d5c785cf47ec4746f1045e9dfac4b038703549635ad71bf4e7800e2743.exe
    "C:\Users\Admin\AppData\Local\Temp\0e7460d5c785cf47ec4746f1045e9dfac4b038703549635ad71bf4e7800e2743.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:960
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 396
      2⤵
      • Program crash
      PID:3060
    • C:\Users\Admin\AppData\Local\Temp\0e7460d5c785cf47ec4746f1045e9dfac4b038703549635ad71bf4e7800e2743.exe
      C:\Users\Admin\AppData\Local\Temp\0e7460d5c785cf47ec4746f1045e9dfac4b038703549635ad71bf4e7800e2743.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3380
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 364
        3⤵
        • Program crash
        PID:3524
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 960 -ip 960
    1⤵
      PID:3084
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3380 -ip 3380
      1⤵
        PID:4316

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\0e7460d5c785cf47ec4746f1045e9dfac4b038703549635ad71bf4e7800e2743.exe
        Filesize

        448KB

        MD5

        a4b23c7b9383904fa4781a61549b35cf

        SHA1

        8e92dada266effe30c6e52882c2a04754568e37b

        SHA256

        140a2b60731d5724f77117ac9728c0481ad08df4619ae986a6f3010f7e126b6d

        SHA512

        258eadaa79588f9cf1e3b5b86da2211a20d56eccd2adee0e9b9a1e2ddea0fdadd35a33a09314a15da4fe918b4992b2f80c0818aebe8a17cdfa2ff9f94b6c5ad8

        Download Submit

      • memory/960-0-0x0000000000400000-0x0000000000446000-memory.dmp

        Filesize

        280KB

        Download

      • memory/960-6-0x0000000000400000-0x0000000000446000-memory.dmp

        Filesize

        280KB

        Download

      • memory/3380-7-0x0000000000400000-0x0000000000446000-memory.dmp

        Filesize

        280KB

        Download

      • memory/3380-8-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/3380-13-0x00000000014A0000-0x00000000014E6000-memory.dmp

        Filesize

        280KB

        Download

      • memory/3380-14-0x0000000000400000-0x0000000000446000-memory.dmp

        Filesize

        280KB

        Download