Overview

overview

7

Static

static

3

a82b3180ee...0N.exe

windows7-x64

7

a82b3180ee...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    101s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-08-2024 22:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a82b3180ee075e75ed704a06a05f5ff0N.exe

  • Size

    194KB

  • MD5

    a82b3180ee075e75ed704a06a05f5ff0

  • SHA1

    79743ecc9b715575898e122422b16dfe6b437f5e

  • SHA256

    361356f9185004242942441921d8cabb98f497545409514d85db3c25d8584ec6

  • SHA512

    cb98c22f8e1eb9deb69ae173880ab898e12950c6add13e5be29259737fc19d81ccae838de68a74d5d1b6e46dcbaf29243639008ed74cd4df889d3add714e65aa

  • SSDEEP

    3072:2UMTrOzktXOYlwTFf560MgH1kRY4sbQfJnSIET8ZXawu0U5q8Vc4qQZt:CTrOUOZ80MpYRbQfJuw

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a82b3180ee075e75ed704a06a05f5ff0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a82b3180ee075e75ed704a06a05f5ff0N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4380
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 424
      2⤵
      • Program crash
      PID:952
    • C:\Users\Admin\AppData\Local\Temp\a82b3180ee075e75ed704a06a05f5ff0N.exe
      C:\Users\Admin\AppData\Local\Temp\a82b3180ee075e75ed704a06a05f5ff0N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:712
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 712 -s 400
        3⤵
        • Program crash
        PID:2604
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4380 -ip 4380
    1⤵
      PID:904
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 712 -ip 712
      1⤵
        PID:2028

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\a82b3180ee075e75ed704a06a05f5ff0N.exe
        Filesize

        194KB

        MD5

        bb88935557379f3ef6a3aa664c30d638

        SHA1

        357fbee5201ed18f32125832328d4a8901e9578b

        SHA256

        2078d610c97a1af7634bf17da71dfe40c3db91c3e646ac923df09f7c12c16884

        SHA512

        06a3696392daa481c4de889672e92291e82c1f2e7a61f6363d7557a5976389e23669a5c7c0729e74531d7d4e82a33ee884998a7995e55db00d0636de7551fe1d

        Download Submit

      • memory/712-7-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB

        Download

      • memory/712-9-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/712-14-0x00000000014B0000-0x00000000014E9000-memory.dmp

        Filesize

        228KB

        Download

      • memory/712-15-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB

        Download

      • memory/4380-0-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB

        Download

      • memory/4380-8-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB

        Download