Analysis

  • max time kernel
    31s
  • max time network
    39s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/08/2024, 14:40

Errors

Reason
Machine shutdown

General

  • Target

    MalwareBazaar.exe

  • Size

    1.2MB

  • MD5

    5f9a0cb83894c70bc24e0f9254fb8c47

  • SHA1

    4a72402a2de6f13d3bc7aea07efe0fb0942ed740

  • SHA256

    b79a12b0fc47bdaa7e1da3863e004d5e4a9acfcbb251ee60248564ceeb451b8d

  • SHA512

    8f9e3557d4fcc2471d234fc7b1495993706edb24a38f9067239afe05371d170754e121e2ce8eadd1a949ad0d86f639a2f3bf7b386e3633d2e5bf4a6d1e466c03

  • SSDEEP

    24576:hqDEvCTbMWu7rQYlBQcBiT6rprG8aNiSSHyA1jXh:hTvC/MTQYxsWR7aNiSSFpX

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe
    "C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe"
      2⤵
        PID:2028
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 192
          3⤵
          • Program crash
          PID:5056
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2028 -ip 2028
      1⤵
        PID:4728

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\ultraradicalism

        Filesize

        281KB

        MD5

        69d66bc768f1c50e4ea1cf68a0d92602

        SHA1

        b2a549ef3d452d85af705764760903224a5d5522

        SHA256

        539bf6030060fb375c51f71c206921d1511d6c138b7286ce84abfa63aca9c2a4

        SHA512

        ab1df0052568119868b60407d8a5741008c26309871911d06f58d50959d7ac44c7c8064b94c7952807b7b9cf15051840a6898cdcd0bdef628bbc97c38df49373

      • memory/2020-13-0x0000000002970000-0x0000000002974000-memory.dmp

        Filesize

        16KB

      • memory/2028-14-0x00000000003A0000-0x00000000003E7000-memory.dmp

        Filesize

        284KB