Analysis

max time kernel: 148s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags:
- arch:x64
- arch:x86
- image:win10v2004-20240709-en
- locale:en-us
- os:windows10-2004-x64
- system
submitted: 12/07/2024, 11:05
Static task: static1

Behavioral task: behavioral1
  Sample: 4f298c60ee97d98a04e1b9bbb0a33b60N.exe
  Resource: win7-20240704-en

Behavioral task: behavioral2
  Sample: 4f298c60ee97d98a04e1b9bbb0a33b60N.exe
  Resource: win10v2004-20240709-en
General

Target: 4f298c60ee97d98a04e1b9bbb0a33b60N.exe
Size: 197KB
MD5: 4f298c60ee97d98a04e1b9bbb0a33b60
SHA1: bcf307a8e48a8fdbf0b1550ba5b46b3afc3b6a9f
SHA256: 415ab84305ed8f55a7ea15fc1d18277268791a6c48ce2942c19d2f6a4bf77399
SHA512: 466b994e8e8acb41a5ed29bb9f8e446d69785b278f5bf4ec4847a7c5680dfe1f88b5b7d7cb97ff1a3feafbc255e725da69ffc1cedf285b07aba26e58a891896e
SSDEEP: 6144:AY9BWBYSFIM+5a8xUPdn7fw0dFbwHmZ+XsSXFAk4+hu+e:AY9EBDFJ+5zU1nLDdFbHZ+XsSOk4+hun
Malware Config
Signatures
Deletes itself (1 IoC)
  pid   Process
  1452  4f298c60ee97d98a04e1b9bbb0a33b60N.exe

Executes dropped EXE (1 IoC)
  pid   Process
  1452  4f298c60ee97d98a04e1b9bbb0a33b60N.exe

Program crash (2 IoCs)
  pid   pid_target  Process       procid_target
  1100  4356        WerFault.exe  82
  4468  1452        WerFault.exe  90

Suspicious behavior: RenamesItself (1 IoC)
  pid   Process
  4356  4f298c60ee97d98a04e1b9bbb0a33b60N.exe

Suspicious use of UnmapMainImage (1 IoC)
  pid   Process
  1452  4f298c60ee97d98a04e1b9bbb0a33b60N.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process                                procid_target
  PID 4356 wrote to memory of 1452  4356  4f298c60ee97d98a04e1b9bbb0a33b60N.exe  90
  PID 4356 wrote to memory of 1452  4356  4f298c60ee97d98a04e1b9bbb0a33b60N.exe  90
  PID 4356 wrote to memory of 1452  4356  4f298c60ee97d98a04e1b9bbb0a33b60N.exe  90
Processes

- C:\Users\Admin\AppData\Local\Temp\4f298c60ee97d98a04e1b9bbb0a33b60N.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4f298c60ee97d98a04e1b9bbb0a33b60N.exe"
  PID: 4356
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  Children:
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 408
    PID: 1100
    - Program crash
  - C:\Users\Admin\AppData\Local\Temp\4f298c60ee97d98a04e1b9bbb0a33b60N.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\4f298c60ee97d98a04e1b9bbb0a33b60N.exe
    PID: 1452
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
    Children:
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 376
      PID: 4468
      - Program crash

- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4356 -ip 4356
  PID: 4784

- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1452 -ip 1452
  PID: 3788
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 197KB
MD5: e745d868a985667a13b0f62ce3b0f8e7
SHA1: 77e463cdc1ce2138aac3cb917a70756cb649654d
SHA256: 76490419e63595d09c129617d56cbb3eab0fbc3653f42b375a653463cfe9297b
SHA512: 52724cbac4c10456ac956ea383905eb3570b6dcfbcdf0deb24ba03e07c275624f2b414905b0c4e74cf878d126695a1d9aa803a18e5dc0d978e5f9b396189d368