Overview

overview

7

Static

static

3

1e2f8c757b...0N.exe

windows7-x64

7

1e2f8c757b...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    105s
  • max time network
    108s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/07/2024, 14:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1e2f8c757b1357431d8cfcd5d36481e0N.exe

  • Size

    320KB

  • MD5

    1e2f8c757b1357431d8cfcd5d36481e0

  • SHA1

    634c9c952dba7288dc3e456ed8a3803ffbaa91ea

  • SHA256

    9091835de75b38a106727cccd62922b7c14827537f97c06c1398ee4ac84f175e

  • SHA512

    86162bc400c56aa908196fc246a14b2604785f4088ee26fa5ecc8644b105ebc24e28eedc0df7e202848a3887f261e42751cacf6416c142c0a16d2547841355a3

  • SSDEEP

    6144:CBfuAT6RAmD0OgyXdWw24HCRXnkjHqQbG1B7qV40saiigCD1:CBfup+mwOh24HCRKHqQbG1BmVQ5zCD1

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e2f8c757b1357431d8cfcd5d36481e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e2f8c757b1357431d8cfcd5d36481e0N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 396
      2⤵
      • Program crash
      PID:3196
    • C:\Users\Admin\AppData\Local\Temp\1e2f8c757b1357431d8cfcd5d36481e0N.exe
      C:\Users\Admin\AppData\Local\Temp\1e2f8c757b1357431d8cfcd5d36481e0N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3984
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 364
        3⤵
        • Program crash
        PID:1620
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3028 -ip 3028
    1⤵
      PID:2064
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 3984 -ip 3984
      1⤵
        PID:4160

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\1e2f8c757b1357431d8cfcd5d36481e0N.exe
              Filesize

              320KB

              MD5

              58f21c645999c5e8d2563a5b4bbe54b3

              SHA1

              9ff46d3c3e7a55e08af94feb636a0fc4a02e33fa

              SHA256

              1a67d1e82d79fdfd5bb6b29d26f62624edfb5d0d3fe0716a8113c4856f48f8b9

              SHA512

              bfd49f4e898976d95f4e283421ca6698fa964d3cda79ceae413d19164f98aaba8d1bb130b513378db72d3a933041a2588c6348a8434b6266a5c83087f07e0f9e

              Download Submit

            • memory/3028-0-0x0000000000400000-0x000000000043F000-memory.dmp

              Filesize

              252KB

              Download

            • memory/3028-6-0x0000000000400000-0x000000000043F000-memory.dmp

              Filesize

              252KB

              Download

            • memory/3984-7-0x0000000000400000-0x000000000043F000-memory.dmp

              Filesize

              252KB

              Download

            • memory/3984-13-0x0000000000190000-0x00000000001CF000-memory.dmp

              Filesize

              252KB

              Download

            • memory/3984-9-0x0000000000400000-0x000000000041A000-memory.dmp

              Filesize

              104KB

              Download