20f06a5a551b638bd692d5b14a4f553eeb6404e27aa01caffe1244228c4ba5a0

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05/07/2024, 00:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

20f06a5a551b638bd692d5b14a4f553eeb6404e27aa01caffe1244228c4ba5a0.exe
Size

3.8MB
MD5

4793fa50afaeab0ff53659466a778f90
SHA1

6c396de7357d0623dfdb81b76b082f0a2f21b8fb
SHA256

20f06a5a551b638bd692d5b14a4f553eeb6404e27aa01caffe1244228c4ba5a0
SHA512

7cc7422ad826edbff45e99a850cd79fdc3857bed77bf01a72b541d519975b571a075c0d725557cd199d211f96e28293b971908cff7a01a63f87d96acc06d784a
SSDEEP

98304:FvC2I7PyC82XK4iWAkh8xRHAFP/Ntu/RaAONKthw:lCoJi5CRRONKM

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2248	20f06a5a551b638bd692d5b14a4f553eeb6404e27aa01caffe1244228c4ba5a0.exe
2248	20f06a5a551b638bd692d5b14a4f553eeb6404e27aa01caffe1244228c4ba5a0.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2720	2248	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2248	20f06a5a551b638bd692d5b14a4f553eeb6404e27aa01caffe1244228c4ba5a0.exe
2248	20f06a5a551b638bd692d5b14a4f553eeb6404e27aa01caffe1244228c4ba5a0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2720	2248	20f06a5a551b638bd692d5b14a4f553eeb6404e27aa01caffe1244228c4ba5a0.exe	28
PID 2248 wrote to memory of 2720	2248	20f06a5a551b638bd692d5b14a4f553eeb6404e27aa01caffe1244228c4ba5a0.exe	28
PID 2248 wrote to memory of 2720	2248	20f06a5a551b638bd692d5b14a4f553eeb6404e27aa01caffe1244228c4ba5a0.exe	28
PID 2248 wrote to memory of 2720	2248	20f06a5a551b638bd692d5b14a4f553eeb6404e27aa01caffe1244228c4ba5a0.exe	28

C:\Users\Admin\AppData\Local\Temp\20f06a5a551b638bd692d5b14a4f553eeb6404e27aa01caffe1244228c4ba5a0.exe
"C:\Users\Admin\AppData\Local\Temp\20f06a5a551b638bd692d5b14a4f553eeb6404e27aa01caffe1244228c4ba5a0.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 320
  2⤵
  - Program crash
  PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2248-5-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download
memory/2248-62-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2248-83-0x0000000001260000-0x0000000001637000-memory.dmp

Filesize
3.8MB

Download
memory/2248-80-0x00000000012D3000-0x00000000015CC000-memory.dmp

Filesize
3.0MB

Download
memory/2248-60-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2248-59-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2248-57-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2248-55-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2248-54-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2248-52-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2248-50-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2248-49-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2248-47-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2248-45-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2248-44-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2248-42-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2248-40-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2248-39-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2248-37-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2248-35-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2248-34-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2248-32-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2248-30-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2248-29-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2248-27-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2248-25-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2248-24-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2248-22-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2248-20-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2248-19-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2248-17-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2248-15-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2248-14-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2248-12-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2248-10-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2248-9-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download
memory/2248-7-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download
memory/2248-4-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2248-2-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2248-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2248-101-0x00000000012D3000-0x00000000015CC000-memory.dmp

Filesize
3.0MB

Download
memory/2248-102-0x0000000001260000-0x0000000001637000-memory.dmp

Filesize
3.8MB

Download