Overview

overview

7

Static

static

3

1f31db117f...24.exe

windows7-x64

7

1f31db117f...24.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-08-2024 20:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1f31db117f35f3deb434329f28d1f54122e064bf4e403eadc562903c52c53d24.exe

  • Size

    256KB

  • MD5

    e83370e109e5f45345ce132e538cfc22

  • SHA1

    ee399a691cae7aab9fd6eb90ac5f7797d937c8e6

  • SHA256

    1f31db117f35f3deb434329f28d1f54122e064bf4e403eadc562903c52c53d24

  • SHA512

    00fc2cd3c4dfb0a25ac6e9f45ca09966648a2eb8c2668eae676612ba57cc6c308d209f852648283649057821fd2ea273fbb4843c0c7714858a0c9e78493e170b

  • SSDEEP

    6144:jNFxufS6B29w0q83HVfu3vRZZ3jlbtvjzCnvzWMpWgP+v0W7cyqCxSngmMBqf7:ofIDH9AvRZZ3RbtvjzCnvzWMpWV50npX

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f31db117f35f3deb434329f28d1f54122e064bf4e403eadc562903c52c53d24.exe
    "C:\Users\Admin\AppData\Local\Temp\1f31db117f35f3deb434329f28d1f54122e064bf4e403eadc562903c52c53d24.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3576
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 384
      2⤵
      • Program crash
      PID:3128
    • C:\Users\Admin\AppData\Local\Temp\1f31db117f35f3deb434329f28d1f54122e064bf4e403eadc562903c52c53d24.exe
      C:\Users\Admin\AppData\Local\Temp\1f31db117f35f3deb434329f28d1f54122e064bf4e403eadc562903c52c53d24.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of UnmapMainImage
      PID:3440
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 352
        3⤵
        • Program crash
        PID:1916
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 768
        3⤵
        • Program crash
        PID:1288
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 808
        3⤵
        • Program crash
        PID:2920
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 816
        3⤵
        • Program crash
        PID:4072
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3576 -ip 3576
    1⤵
      PID:1548
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3440 -ip 3440
      1⤵
        PID:1088
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3440 -ip 3440
        1⤵
          PID:5112
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 3440 -ip 3440
          1⤵
            PID:1124
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3440 -ip 3440
            1⤵
              PID:4428

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\1f31db117f35f3deb434329f28d1f54122e064bf4e403eadc562903c52c53d24.exe
              Filesize

              256KB

              MD5

              907f312ebe7eed3a89979f8d1ba6cbda

              SHA1

              b2f5619692f30df0573cd41e16420c523a588c3e

              SHA256

              2f52879e5273b422307d622870caf38b932eddc73a4a058ae08d32081ad720f5

              SHA512

              34bc5dbdc6b3d567c7d3d6892208e1b723ab4609f07fa7c649bfd406779ed681ce073af42ef801c6e2e550d723ba3731e84f3600553935aa37d0f2cec05cf4d6

              Download Submit

            • memory/3440-7-0x0000000000400000-0x000000000043C000-memory.dmp

              Filesize

              240KB

              Download

            • memory/3440-8-0x0000000000150000-0x000000000018C000-memory.dmp

              Filesize

              240KB

              Download

            • memory/3440-9-0x0000000000400000-0x0000000000415000-memory.dmp

              Filesize

              84KB

              Download

            • memory/3576-0-0x0000000000400000-0x000000000043C000-memory.dmp

              Filesize

              240KB

              Download

            • memory/3576-6-0x0000000000400000-0x000000000043C000-memory.dmp

              Filesize

              240KB

              Download