Analysis

  • max time kernel
    100s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/08/2024, 23:52

General

  • Target

    c467cce95f1517670ce2356200617fc0N.exe

  • Size

    218KB

  • MD5

    c467cce95f1517670ce2356200617fc0

  • SHA1

    90dad6729100cd64a1f6a2c2a55645a94da00cc2

  • SHA256

    c3f83169fdc0bd30ec4640b69193eecac09994779aede5408b3c5f5bc67b80c0

  • SHA512

    4d24310552dd3f1861194a38e9d2853f113f8be8e9c8cdbb290211aede389d6d2ec4fb441df84a161a6f8919d4be048084c84737b8afc3dc5f267c0e5d6b6633

  • SSDEEP

    6144:cClkqXjRxx7WYayvc2iO4onCyz0dNCxdhHuX9aLisM+Nea:cClkqT0Y/E2ignCyUNCbhOX9aLisvNea

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c467cce95f1517670ce2356200617fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\c467cce95f1517670ce2356200617fc0N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1860
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 396
      2⤵
      • Program crash
      PID:4708
    • C:\Users\Admin\AppData\Local\Temp\c467cce95f1517670ce2356200617fc0N.exe
      C:\Users\Admin\AppData\Local\Temp\c467cce95f1517670ce2356200617fc0N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2612
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 368
        3⤵
        • Program crash
        PID:2264
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1860 -ip 1860
    1⤵
    PID:3944
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2612 -ip 2612
    1⤵
    PID:3676

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\c467cce95f1517670ce2356200617fc0N.exe

    Filesize

    218KB

    MD5

    8cc58c218808ce656cb3dcf2e342add3

    SHA1

    4c472fdb5bdf22d51a384b9cdc5caa0b169c562e

    SHA256

    c1cde71f276ea3be5b5c04294f1805a58ae85c986e81e3408ecf3acd2ae9ee45

    SHA512

    b2f5561b9949869009022ac1eb99870b8fd0e757e48302d1a427cc7daefad8af9e3155fe63008234da062f465888424b15f4a680b952b8a9568de15e7c1148eb

  • memory/1860-0-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

  • memory/1860-13-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

  • memory/2612-6-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

  • memory/2612-7-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/2612-12-0x00000000015A0000-0x00000000015E2000-memory.dmp

    Filesize

    264KB

  • memory/2612-14-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB
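The security-relevant point of this report is only visible by reading the Processes and Downloads sections together: PID 2612 is started from the same path as its parent PID 1860, yet the file at that path hashes to c1cde71f... at the end of the run while the submitted sample was c3f83169..., so the sample rewrote its own file on disk (RenamesItself, Executes dropped EXE) and then deleted the original (Deletes itself). Both instances crashed and were reported by WerFault, and 2612's dumps show a second 264KB region at 0x15A0000 with the same size as the 0x400000 image mapping, which is what a self-reload (UnmapMainImage) looks like from the dump list alone. The following Python is an added example, not part of the sandbox report or its tooling: it transcribes the report's PIDs, paths, hashes and dump names into constructed structures and correlates them. The tuple and dict layouts, the dump-name pattern memory/<pid>-<seq>-<start>-<end>-memory.dmp (with the middle field taken to be a sequence number) and the function names are assumptions made here.

```python
"""Added example (not part of the sandbox report): correlate the report's
process tree, dropped-file hashes and memory-dump names. All input below is
transcribed from the report above into constructed Python structures; the
dump-name layout memory/<pid>-<seq>-<start>-<end>-memory.dmp is assumed."""
import re

SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\c467cce95f1517670ce2356200617fc0N.exe"
WERFAULT = r"C:\Windows\SysWOW64\WerFault.exe"
SUBMITTED_SHA256 = "c3f83169fdc0bd30ec4640b69193eecac09994779aede5408b3c5f5bc67b80c0"

# (pid, parent pid or None, image path, command line), in report order.
PROCESSES = [
    (1860, None, SAMPLE_PATH, f'"{SAMPLE_PATH}"'),
    (4708, 1860, WERFAULT, f"{WERFAULT} -u -p 1860 -s 396"),
    (2612, 1860, SAMPLE_PATH, SAMPLE_PATH),
    (2264, 2612, WERFAULT, f"{WERFAULT} -u -p 2612 -s 368"),
    (3944, None, WERFAULT, f"{WERFAULT} -pss -s 408 -p 1860 -ip 1860"),
    (3676, None, WERFAULT, f"{WERFAULT} -pss -s 532 -p 2612 -ip 2612"),
]

# Files present on disk at the end of the run (Downloads section): path -> SHA256.
ON_DISK = {
    SAMPLE_PATH: "c1cde71f276ea3be5b5c04294f1805a58ae85c986e81e3408ecf3acd2ae9ee45",
}

# Memory dump names exactly as listed in the Downloads section.
DUMPS = [
    "memory/1860-0-0x0000000000400000-0x0000000000442000-memory.dmp",
    "memory/1860-13-0x0000000000400000-0x0000000000442000-memory.dmp",
    "memory/2612-6-0x0000000000400000-0x0000000000442000-memory.dmp",
    "memory/2612-7-0x0000000000400000-0x000000000041A000-memory.dmp",
    "memory/2612-12-0x00000000015A0000-0x00000000015E2000-memory.dmp",
    "memory/2612-14-0x0000000000400000-0x0000000000442000-memory.dmp",
]

DUMP_RE = re.compile(r"memory/(\d+)-(\d+)-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp")


def parse_dump(name):
    """Split a dump file name into pid, sequence number (assumed meaning of the
    middle field) and address range; size is end minus start."""
    m = DUMP_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"unexpected dump name: {name}")
    start, end = int(m[3], 16), int(m[4], 16)
    return {"pid": int(m[1]), "seq": int(m[2]), "start": start, "end": end, "size": end - start}


def size_label(nbytes):
    """Whole-kilobyte label in the report's style (0x42000 bytes -> '264KB')."""
    return f"{nbytes // 1024}KB"


def find_self_reexecution(processes, on_disk, submitted_sha256):
    """Children started from their parent's own image path while that file on
    disk no longer hashes to the submitted sample: the file was rewritten in
    place before being executed again."""
    by_pid = {p[0]: p for p in processes}
    hits = []
    for pid, ppid, image, _cmd in processes:
        parent = by_pid.get(ppid)
        if parent is None or parent[2].lower() != image.lower():
            continue
        current = on_disk.get(image)
        if current is not None and current != submitted_sha256:
            hits.append({"parent": ppid, "child": pid, "image": image, "sha256_now": current})
    return hits


def crashes_by_target(processes):
    """Map each crashed PID to the WerFault instances that name it with -p <pid>.
    Requiring whitespace after -p keeps the -pss switch from matching."""
    out = {}
    for pid, _ppid, image, cmd in processes:
        if image.lower().endswith("werfault.exe"):
            m = re.search(r"-p\s+(\d+)", cmd)
            if m:
                out.setdefault(int(m[1]), []).append(pid)
    return out


def relocated_image_regions(dumps):
    """For each PID, the size of the region dumped at the default 32-bit image
    base (0x400000) and every other base where a region of exactly that size
    was dumped; a second base is consistent with the main image having been
    unmapped and a fresh copy mapped elsewhere."""
    parsed = [parse_dump(d) for d in dumps]
    out = {}
    for d in parsed:
        if d["start"] == 0x400000:
            out.setdefault(d["pid"], {"image_size": d["size"], "other_bases": set()})
    for d in parsed:
        info = out.get(d["pid"])
        if info and d["start"] != 0x400000 and d["size"] == info["image_size"]:
            info["other_bases"].add(d["start"])
    return out


if __name__ == "__main__":
    for hit in find_self_reexecution(PROCESSES, ON_DISK, SUBMITTED_SHA256):
        print(f"pid {hit['child']} re-executed {hit['image']} (now {hit['sha256_now'][:12]}...)")
    for target, reporters in crashes_by_target(PROCESSES).items():
        print(f"pid {target} crashed; WerFault reporters: {reporters}")
    for pid, info in relocated_image_regions(DUMPS).items():
        bases = ", ".join(hex(b) for b in sorted(info["other_bases"])) or "none"
        print(f"pid {pid}: image {size_label(info['image_size'])}, same-size copies at {bases}")
```

The size labels the script derives from the dump names (264KB for 0x42000 bytes, 104KB for 0x1A000) match the Filesize values the report prints, which is a cheap sanity check that the address ranges were transcribed correctly. For triage, the re-execution hit is the finding to act on: hash the file at the sample path again before and after detonation, because the hash you submitted is not the one left on disk.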