Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/07/2024, 11:05

General

  • Target

    4f298c60ee97d98a04e1b9bbb0a33b60N.exe

  • Size

    197KB

  • MD5

    4f298c60ee97d98a04e1b9bbb0a33b60

  • SHA1

    bcf307a8e48a8fdbf0b1550ba5b46b3afc3b6a9f

  • SHA256

    415ab84305ed8f55a7ea15fc1d18277268791a6c48ce2942c19d2f6a4bf77399

  • SHA512

    466b994e8e8acb41a5ed29bb9f8e446d69785b278f5bf4ec4847a7c5680dfe1f88b5b7d7cb97ff1a3feafbc255e725da69ffc1cedf285b07aba26e58a891896e

  • SSDEEP

    6144:AY9BWBYSFIM+5a8xUPdn7fw0dFbwHmZ+XsSXFAk4+hu+e:AY9EBDFJ+5zU1nLDdFbHZ+XsSOk4+hun

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4f298c60ee97d98a04e1b9bbb0a33b60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f298c60ee97d98a04e1b9bbb0a33b60N.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4356
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 408
      2⤵
      • Program crash
      PID:1100
    • C:\Users\Admin\AppData\Local\Temp\4f298c60ee97d98a04e1b9bbb0a33b60N.exe
      C:\Users\Admin\AppData\Local\Temp\4f298c60ee97d98a04e1b9bbb0a33b60N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1452
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 376
        3⤵
        • Program crash
        PID:4468
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4356 -ip 4356
    1⤵
      PID:4784
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1452 -ip 1452
      1⤵
        PID:3788

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\4f298c60ee97d98a04e1b9bbb0a33b60N.exe

        Filesize

        197KB

        MD5

        e745d868a985667a13b0f62ce3b0f8e7

        SHA1

        77e463cdc1ce2138aac3cb917a70756cb649654d

        SHA256

        76490419e63595d09c129617d56cbb3eab0fbc3653f42b375a653463cfe9297b

        SHA512

        52724cbac4c10456ac956ea383905eb3570b6dcfbcdf0deb24ba03e07c275624f2b414905b0c4e74cf878d126695a1d9aa803a18e5dc0d978e5f9b396189d368

      • memory/1452-8-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB

      • memory/1452-9-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

      • memory/1452-14-0x00000000015D0000-0x0000000001609000-memory.dmp

        Filesize

        228KB

      • memory/4356-0-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB

      • memory/4356-7-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB