Overview

overview

5

Static

static

5

a0e490d63b...8d.exe

windows7-x64

5

a0e490d63b...8d.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    93s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/07/2024, 02:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d.exe

  • Size

    1.1MB

  • MD5

    d93efcb98bdcbfdc11553b3db8e02589

  • SHA1

    ef671718a742893fbe6072a1ed8b5fcb19f26255

  • SHA256

    a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d

  • SHA512

    319ea0b98f78500ef8d9588dfc44e0bb9ccfdd3e1dfe1f4e9ad939060983972ebb3c46c044bbcc40775520ecce86ec6c5c12c5b923b2fa0e6da9a39e8d28c175

  • SSDEEP

    24576:bpAHnh+eWsN3skA4RV1Hom2KXMmHag4CACT/vCqXoH5:Eh+ZkldoPK8Yag4CdrTXQ

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d.exe
    "C:\Users\Admin\AppData\Local\Temp\a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4208
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Users\Admin\AppData\Local\Temp\a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d.exe"
      2⤵
        PID:1784
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 196
          3⤵
          • Program crash
          PID:4256
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1784 -ip 1784
      1⤵
        PID:4764

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\autB585.tmp
              Filesize

              268KB

              MD5

              9f56eead9e0a90eb99002282ebf721f7

              SHA1

              4c70df444fe41a005da95bd58d90f1aebe7e442e

              SHA256

              2a5e7fafc0538ecbc4bf03bf7eee77d9d2cdc84c8f1071689b9e9adf3c6e5543

              SHA512

              c8da5039cc0c429081f51133a9ea4b53353e0993d1412eb079b5d1b51bb9c4eff0d16964e4ca5de0de42f0b9d13ffbfb348f4c56756df0197b0d50c5f28cfa65

              Download Submit

            • memory/1784-13-0x0000000000600000-0x0000000000643000-memory.dmp

              Filesize

              268KB

              Download

            • memory/4208-12-0x0000000000CB0000-0x0000000000CB4000-memory.dmp

              Filesize

              16KB

              Download