Analysis
-
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 10-07-2024 09:48
Static task: static1
Behavioral task: behavioral1
  Sample: 6da97627f53ef956b4e000fb9f150553.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 6da97627f53ef956b4e000fb9f150553.exe
  Resource: win10v2004-20240709-en
Behavioral task: behavioral3
  Sample: $PLUGINSDIR/System.dll
  Resource: win7-20240705-en
Behavioral task: behavioral4
  Sample: $PLUGINSDIR/System.dll
  Resource: win10v2004-20240709-en
General
-
Target: 6da97627f53ef956b4e000fb9f150553.exe
Size: 553KB
MD5: 6da97627f53ef956b4e000fb9f150553
SHA1: 32edd8d768bf703a5742ff52fdb56f4ef9f42d88
SHA256: e0452ab52309304cd0da107eabf8cf7e15887f977a0e59c22166bcb7383f10d5
SHA512: 48732bec8569ea86a239c7d1dc9f9b9e66cb4900f10bbf6bb4cfb7ea4900ca5537600739c05ca38fd8b3c093adfd137ffb5863c03cb4a23b88027c6b66a3ce58
SSDEEP: 12288:rmnpciECA+jAQNuOShCuyulOVeAVAIVRtgUpA:rmn2r+dMhCufQeAVR5gUpA
Malware Config
Signatures
-
Loads dropped DLL 2 IoCs
Processes:
6da97627f53ef956b4e000fb9f150553.exe
  pid   process
  1412  6da97627f53ef956b4e000fb9f150553.exe
  1412  6da97627f53ef956b4e000fb9f150553.exe
-
Drops file in Program Files directory 1 IoCs
Processes:
6da97627f53ef956b4e000fb9f150553.exe
  description                   ioc                                               process
  File opened for modification  C:\Program Files (x86)\Common Files\overtyde.ini  6da97627f53ef956b4e000fb9f150553.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
Processes:
WerFault.exe
  pid   pid_target  process       target process
  2856  1412        WerFault.exe  6da97627f53ef956b4e000fb9f150553.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
6da97627f53ef956b4e000fb9f150553.exe
  description                     pid   process                               target process
  PID 1412 wrote to memory of 2856  1412  6da97627f53ef956b4e000fb9f150553.exe  WerFault.exe
  PID 1412 wrote to memory of 2856  1412  6da97627f53ef956b4e000fb9f150553.exe  WerFault.exe
  PID 1412 wrote to memory of 2856  1412  6da97627f53ef956b4e000fb9f150553.exe  WerFault.exe
  PID 1412 wrote to memory of 2856  1412  6da97627f53ef956b4e000fb9f150553.exe  WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\6da97627f53ef956b4e000fb9f150553.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\6da97627f53ef956b4e000fb9f150553.exe"
  Process tree level: 1
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  PID: 1412
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 524
    Process tree level: 2 (child of PID 1412)
    - Program crash
    PID: 2856
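The four behavioural signatures in this report can be re-derived from a process/file event stream, and doing so makes one caveat visible: every WriteProcessMemory IoC here targets PID 2856, the WerFault.exe child that PID 1412 itself launched with "-p 1412" (its own PID) after crashing. WerFault's -p argument names the crashing process, so a write from the crasher into that child is the crash-reporting handshake, which is a common reason for this generic signature to fire, not a sign of injection into a foreign process. The script below is an added example, not the sandbox's own code. Its event schema, the NSIS temp directory name used for the dropped System.dll (the report only shows it as $PLUGINSDIR/System.dll), and the contrast case of a write into explorer.exe are all constructed for illustration; the "crash-handshake" rule is the author's heuristic, not a signature the sandbox publishes.

```python
"""Re-derive this report's behavioural signatures from a process/file event
stream.  Added example, not the sandbox's own code; the event schema and the
NSIS temp directory name are assumptions."""
import re
from typing import Dict, List, Tuple

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\6da97627f53ef956b4e000fb9f150553.exe"
# Placeholder: the report only names the plugin as $PLUGINSDIR/System.dll;
# the actual NSIS temp folder name is not shown.
PLUGIN = r"C:\Users\Admin\AppData\Local\Temp\nsq1A2B.tmp\System.dll"

# Constructed events mirroring the run above (not a real sandbox export).
EVENTS: List[Dict] = [
    {"op": "create_process", "pid": 1412, "ppid": 1000, "image": SAMPLE,
     "cmdline": f'"{SAMPLE}"'},
    {"op": "file_write", "pid": 1412, "path": PLUGIN},
    {"op": "load_library", "pid": 1412, "path": PLUGIN},
    {"op": "load_library", "pid": 1412, "path": r"C:\Windows\SysWOW64\user32.dll"},
    {"op": "load_library", "pid": 1412, "path": PLUGIN},
    {"op": "file_write", "pid": 1412,
     "path": r"C:\Program Files (x86)\Common Files\overtyde.ini"},
    {"op": "create_process", "pid": 2856, "ppid": 1412,
     "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 524"},
] + [{"op": "write_process_memory", "pid": 1412, "target_pid": 2856}] * 4

# Constructed contrast case: a write into an unrelated process (no WerFault).
INJECTION_EVENTS: List[Dict] = [
    {"op": "create_process", "pid": 4000, "ppid": 1000,
     "image": r"C:\Users\Admin\dropper.exe", "cmdline": "dropper.exe"},
    {"op": "create_process", "pid": 5000, "ppid": 900,
     "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"op": "write_process_memory", "pid": 4000, "target_pid": 5000},
]

PROGRAM_FILES_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")
# WerFault's -p argument carries the PID of the process that crashed.
WERFAULT_RE = re.compile(r"werfault\.exe.*?\s-p\s+(\d+)", re.IGNORECASE)


def loads_dropped_dll(events: List[Dict]) -> List[Tuple[int, str]]:
    """'Loads dropped DLL': a library load whose path was written earlier in
    the same trace.  Each load is one IoC, so the same DLL can count twice."""
    dropped, hits = set(), []
    for ev in events:
        if ev["op"] == "file_write":
            dropped.add(ev["path"].lower())
        elif ev["op"] == "load_library" and ev["path"].lower() in dropped:
            hits.append((ev["pid"], ev["path"]))
    return hits


def drops_in_program_files(events: List[Dict]) -> List[Tuple[int, str]]:
    """'Drops file in Program Files directory' (case-insensitive prefix)."""
    return [(ev["pid"], ev["path"]) for ev in events
            if ev["op"] == "file_write"
            and ev["path"].lower().startswith(PROGRAM_FILES_PREFIXES)]


def program_crashes(events: List[Dict]) -> List[Tuple[int, int]]:
    """'Program crash': (werfault_pid, crashed_pid) from WerFault's command line."""
    out = []
    for ev in events:
        if ev["op"] == "create_process":
            m = WERFAULT_RE.search(ev["cmdline"])
            if m:
                out.append((ev["pid"], int(m.group(1))))
    return out


def classify_wpm(events: List[Dict]) -> List[Tuple[int, int, str]]:
    """Tag each cross-process write.  A write into a WerFault child that the
    writer itself spawned with -p <writer pid> is the crash-reporting
    handshake, so it is tagged 'crash-handshake' instead of 'suspicious'."""
    parents = {ev["pid"]: ev["ppid"] for ev in events if ev["op"] == "create_process"}
    reporters = dict(program_crashes(events))  # werfault pid -> crashed pid
    tags = []
    for ev in events:
        if ev["op"] != "write_process_memory" or ev["pid"] == ev["target_pid"]:
            continue
        tgt = ev["target_pid"]
        if reporters.get(tgt) == ev["pid"] and parents.get(tgt) == ev["pid"]:
            tags.append((ev["pid"], tgt, "crash-handshake"))
        else:
            tags.append((ev["pid"], tgt, "suspicious"))
    return tags


def summarize(events: List[Dict]) -> Dict[str, int]:
    """IoC counts in the same shape as the report's Signatures section."""
    wpm = classify_wpm(events)
    return {
        "loads_dropped_dll": len(loads_dropped_dll(events)),
        "drops_in_program_files": len(drops_in_program_files(events)),
        "program_crash": len(program_crashes(events)),
        "wpm_crash_handshake": sum(t == "crash-handshake" for *_, t in wpm),
        "wpm_suspicious": sum(t == "suspicious" for *_, t in wpm),
    }


if __name__ == "__main__":
    for name, count in summarize(EVENTS).items():
        print(f"{name}: {count}")
    print(classify_wpm(INJECTION_EVENTS))
```

Run against the constructed trace this reproduces the report's counts (2 dropped-DLL loads, 1 Program Files drop, 1 crash, 4 cross-process writes) while tagging all four writes as the WerFault handshake; the contrast trace, where a dropper writes into explorer.exe, is the case that should stay "suspicious". The handshake rule deliberately requires both that WerFault was spawned by the writer and that its -p argument names the writer, so a process that merely launches WerFault against someone else's PID is not downgraded.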
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 40B
MD5: 0588a5641b3acef5cd5e0fced8286529
SHA1: c4465e00f4260c677c678f27924352e70706d1ad
SHA256: d802a2ae71bb03d382576bfb3f3cb9dcf58387cdc7d8577614fc0a6b3eb071a1
SHA512: faa408f26430d05a6263b8ee22cf64eebf2148708a161f91458b10b826e3c9b7773ec6e089cc0eb59acb6c7d94aebea8c5ddd70241457c0b89ca69e1df8b6b32
-
Filesize: 860B
MD5: 6db7671d2536f44eb6b446f2884efd4f
SHA1: 94f91c6ee42bfd5ee54f2837061be50d46e85d09
SHA256: d559a32e5f6a64c48da0eb5a080aab4fcd2f6c0ee6db745969eb883638f739ac
SHA512: adf2614e2a21d6cd39321e3bbaa2fd84d5f4b749e0467c894b935d29ce3348c558b77f0cfff9c365c7be41bbf196547becdcfff35fa7c0ae86b9424bc1dcd3c6
-
Filesize: 74B
MD5: 16d513397f3c1f8334e8f3e4fc49828f
SHA1: 4ee15afca81ca6a13af4e38240099b730d6931f0
SHA256: d3c781a1855c8a70f5aca88d9e2c92afffa80541334731f62caa9494aa8a0c36
SHA512: 4a350b790fdd2fe957e9ab48d5969b217ab19fc7f93f3774f1121a5f140ff9a9eaaa8fa30e06a9ef40ad776e698c2e65a05323c3adf84271da1716e75f5183c3
-
Filesize: 15B
MD5: cf7be2840455491f249648c44a1dc759
SHA1: 9863c7f04f9d674365fe23f257ba43447f985e8e
SHA256: 769c7c2ec9413a771a2f497862194dfb0200452f3a20f5e1f77ad0b6ae535697
SHA512: 83984674c9e337bda5ac88c3b2d0e426fd9051e1585b95ea99b3c569ace50900f811e664da9cf426f080837e2b48a5709003b7e5d25382a1ad90026b40777abd
-
Filesize: 52B
MD5: 5d04a35d3950677049c7a0cf17e37125
SHA1: cafdd49a953864f83d387774b39b2657a253470f
SHA256: a9493973dd293917f3ebb932ab255f8cac40121707548de100d5969956bb1266
SHA512: c7b1afd95299c0712bdbc67f9d2714926d6ec9f71909af615affc400d8d2216ab76f6ac35057088836435de36e919507e1b25be87b07c911083f964eb67e003b
-
Filesize: 15B
MD5: 03789c00a9fe96c420d84fe30cbd902c
SHA1: c3e589ccd78b4e000d7d294a0d308dfd385a1f43
SHA256: b157a4d58f55726c15605ad776c9c961b28e1ce295d3ebcbad6ac80e5f2c9503
SHA512: 16b8866f73666e76b5fd8e04d362a9907accee835e2814197829a06b6f8442ca2ac6aef98960afcaedf64ad403e53374eb59746716dd5b4257d26d4ebfff72a6
-
Filesize: 11KB
MD5: e23600029d1b09bdb1d422fb4e46f5a6
SHA1: 5d64a2f6a257a98a689a3db9a087a0fd5f180096
SHA256: 7342b73593b3aa1b15e3731bfb1afd1961802a5c66343bac9a2c737ee94f4e38
SHA512: c971f513142633ce0e6ec6a04c754a286da8016563dab368c3fac83aef81fa3e9df1003c4b63d00a46351a9d18eaa7ae7645caef172e5e1d6e29123ab864e7ac