Overview

overview

7

Static

static

3

5145829611...0N.exe

windows7-x64

7

5145829611...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/08/2024, 06:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5145829611b41fe79b31d0b8c6affcd0N.exe

  • Size

    1.2MB

  • MD5

    5145829611b41fe79b31d0b8c6affcd0

  • SHA1

    b8aac0d1081d51e086536ba810d99839070ffb6d

  • SHA256

    9adc482430c0b8fe90c623c29752b4339c891cf7ab34ffff18d30b440b019b1e

  • SHA512

    fbe78ec1011cb2f16941b5a8042acde2552ea022a2b690cf53643a185ebecfce03da24e836b517bdb1d2967580101072c225a2d652affa01cd40ace5e9ae9aab

  • SSDEEP

    12288:+rcmir3xA0s5xVIdUTxsoFG/WjVDa/ZSkZjovBY62YsSwdaJ+4I:+Ar36vlsaa/ZSkJovBYLYsSwdaJ+4I

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5145829611b41fe79b31d0b8c6affcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5145829611b41fe79b31d0b8c6affcd0N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2568
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 352
      2⤵
      • Program crash
      PID:3420
    • C:\Users\Admin\AppData\Local\Temp\5145829611b41fe79b31d0b8c6affcd0N.exe
      C:\Users\Admin\AppData\Local\Temp\5145829611b41fe79b31d0b8c6affcd0N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:628
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 344
        3⤵
        • Program crash
        PID:400
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 364
        3⤵
        • Program crash
        PID:4292
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2568 -ip 2568
    1⤵
      PID:4852
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 628 -ip 628
      1⤵
        PID:1908
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 628 -ip 628
        1⤵
          PID:2432

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\5145829611b41fe79b31d0b8c6affcd0N.exe
                Filesize

                1.2MB

                MD5

                eaee789f38187637a42db352a411afe8

                SHA1

                fa056e33eaec906118620f91adae7167cd14f09b

                SHA256

                4aa42f4032f1c32e7ec0ef47b6dcde308c34868a37e5432218cd808e0cfc0e0f

                SHA512

                8367abdf7cfbc1da343cb79046d2167aa51c38b5e4712aba85eba01fa26c198f92dbc8f5261183155c12dc38c7faf6f77877122ebc08f5eddc80694b4e7b00ad

                Download Submit

              • memory/628-7-0x0000000000400000-0x00000000004ED000-memory.dmp

                Filesize

                948KB

                Download

              • memory/628-8-0x0000000005080000-0x000000000516D000-memory.dmp

                Filesize

                948KB

                Download

              • memory/628-9-0x0000000000400000-0x00000000004A3000-memory.dmp

                Filesize

                652KB

                Download

              • memory/2568-0-0x0000000000400000-0x00000000004ED000-memory.dmp

                Filesize

                948KB

                Download

              • memory/2568-6-0x0000000000400000-0x00000000004ED000-memory.dmp

                Filesize

                948KB

                Download