Overview

overview

7

Static

static

3

886f0f0a61...2d.exe

windows7-x64

7

886f0f0a61...2d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/07/2024, 01:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    886f0f0a61db6d2280c1114151eadcd4bcc027b2160816b16b3463823723a12d.exe

  • Size

    4.1MB

  • MD5

    2f17cd9caad32ffafa98c7f44a5ca2d5

  • SHA1

    318b333167cbe77654444d91cad0ea08a88e013e

  • SHA256

    886f0f0a61db6d2280c1114151eadcd4bcc027b2160816b16b3463823723a12d

  • SHA512

    53def71aaaddcfe6acfc366beae823a3688554210659b7f1febae0206f004d1ca47034055664fef206191d72a10924532bd11c36f6499a95f7c23446740e9700

  • SSDEEP

    24576:VpDpUuGeXVva/ZSVDbue+zxa/ZSrJovBYTqT2RUOa/ZSAajJBMqAX1Ea/ZSOue+l:VpDpUupVvg6n8xgClgCo/ugDw

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 3 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\886f0f0a61db6d2280c1114151eadcd4bcc027b2160816b16b3463823723a12d.exe
    "C:\Users\Admin\AppData\Local\Temp\886f0f0a61db6d2280c1114151eadcd4bcc027b2160816b16b3463823723a12d.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2804
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 344
      2⤵
      • Program crash
      PID:608
    • C:\Users\Admin\AppData\Local\Temp\886f0f0a61db6d2280c1114151eadcd4bcc027b2160816b16b3463823723a12d.exe
      C:\Users\Admin\AppData\Local\Temp\886f0f0a61db6d2280c1114151eadcd4bcc027b2160816b16b3463823723a12d.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:5032
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 344
        3⤵
        • Program crash
        PID:1776
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 344
        3⤵
        • Program crash
        PID:5076
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2804 -ip 2804
    1⤵
      PID:3524
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5032 -ip 5032
      1⤵
        PID:5112
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5032 -ip 5032
        1⤵
          PID:4872

        Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\886f0f0a61db6d2280c1114151eadcd4bcc027b2160816b16b3463823723a12d.exe
                Filesize

                4.1MB

                MD5

                a9413f407c733a0b4debaa7fbb41f18f

                SHA1

                8fc2a7b91bcb90f790af4a5c998f16dde25589e8

                SHA256

                4208e4e6a550243c4eaedebe3c94fa5e56bf181cbe25b58215b080d6377f5eab

                SHA512

                15bdf3f0a1a6dec14d44127fc7a49b6a1e3d4e50437b1d0adc2fd07fa92e19d5b60bdd8e61397e71c35144b7c1f55bfbc3165271ebf220159ad0dc6eb22f8bfd

                Download Submit

              • memory/2804-0-0x0000000000400000-0x00000000004EC000-memory.dmp

                Filesize

                944KB

                Download

              • memory/2804-5-0x0000000000400000-0x00000000004EC000-memory.dmp

                Filesize

                944KB

                Download

              • memory/5032-7-0x0000000000400000-0x00000000004EC000-memory.dmp

                Filesize

                944KB

                Download

              • memory/5032-8-0x00000000050C0000-0x00000000051AC000-memory.dmp

                Filesize

                944KB

                Download

              • memory/5032-9-0x0000000000400000-0x00000000004A3000-memory.dmp

                Filesize

                652KB

                Download