Analysis

  • max time kernel
    101s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/07/2024, 02:06

General

  • Target

    49a3d0b26fc91931ce43fc2fc51fe220N.exe

  • Size

    272KB

  • MD5

    49a3d0b26fc91931ce43fc2fc51fe220

  • SHA1

    2c3256237579c77c1c7b34faeb4db048e70e7f94

  • SHA256

    be9c4ad379e677f95ef9c90b564662a2114864d64633b16f9bcc6c25f906d00b

  • SHA512

    2dfacf0a0c69d7dcc9dc1c579be45891e6a981d49aad6ce42257ac39ffefbc1df56853980715811f11a94a6236b4ccaee8a3a839f80f3cf9c3d58c7b5d4cdfa9

  • SSDEEP

    6144:mh+aGE8hUa0uNVQ7mfNPc1T9nHw+9yy6atBWOw:PFNVzPc1T9n/97tA

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\49a3d0b26fc91931ce43fc2fc51fe220N.exe
    "C:\Users\Admin\AppData\Local\Temp\49a3d0b26fc91931ce43fc2fc51fe220N.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4424
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 396
      2⤵
      • Program crash
      PID:1568
    • C:\Users\Admin\AppData\Local\Temp\49a3d0b26fc91931ce43fc2fc51fe220N.exe
      C:\Users\Admin\AppData\Local\Temp\49a3d0b26fc91931ce43fc2fc51fe220N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2868
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 364
        3⤵
        • Program crash
        PID:408
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4424 -ip 4424
    1⤵
    PID:4248
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2868 -ip 2868
    1⤵
    PID:2036

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\49a3d0b26fc91931ce43fc2fc51fe220N.exe

    Filesize

    272KB

    MD5

    fc0751190c47bebe3c9a49ef906d663c

    SHA1

    b1e1f84e35db47cf7b28d208d94cd057b081277d

    SHA256

    534dd29aef1a34f84271890b3b203bd6b0c68faa5a0a9978e0686bed87a8f3d5

    SHA512

    64ce82d4eba14d8812d6d1d8b8b365f4f9b9de995065755549c5fd58e0c3a8cdd59cf399e3b8ccbcc11b4d9db107a57dc3d1a095464cbe4b1d9f04c402940b3c

  • memory/2868-8-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/2868-9-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/2868-14-0x00000000001C0000-0x00000000001F8000-memory.dmp

    Filesize

    224KB

  • memory/4424-0-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/4424-7-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB