Overview

overview

7

Static

static

3

132fdc75a9...0N.exe

windows7-x64

7

132fdc75a9...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    102s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/08/2024, 07:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    132fdc75a907a2c261bbd45d45c4d490N.exe

  • Size

    2.3MB

  • MD5

    132fdc75a907a2c261bbd45d45c4d490

  • SHA1

    b00cda200175fc885c1a02ba6944bc7a5cfef2df

  • SHA256

    aa0d6bf4a1283e89adbfe178a52e55f6a5184c7b96eca442e959f7d6f128c4a3

  • SHA512

    9819890b2f48f37f4b352d789a1c7fd4202072f8c7b36d8d50de42940f1edc6a5697dfd893f667a0e0f869937d0689d7aa1132367941772f12b712cff1097697

  • SSDEEP

    24576:9OdPWsbOja/ZSkJovBYLYsSwdaJ+4h99Fm+ci2a/ZSrJovBY:0csbyg+h7Q+F2g

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\132fdc75a907a2c261bbd45d45c4d490N.exe
    "C:\Users\Admin\AppData\Local\Temp\132fdc75a907a2c261bbd45d45c4d490N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1316
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 352
      2⤵
      • Program crash
      PID:1492
    • C:\Users\Admin\AppData\Local\Temp\132fdc75a907a2c261bbd45d45c4d490N.exe
      C:\Users\Admin\AppData\Local\Temp\132fdc75a907a2c261bbd45d45c4d490N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4624
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 344
        3⤵
        • Program crash
        PID:212
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 368
        3⤵
        • Program crash
        PID:4768
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1316 -ip 1316
    1⤵
      PID:4076
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 4624 -ip 4624
      1⤵
        PID:3708
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4624 -ip 4624
        1⤵
          PID:4340

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\132fdc75a907a2c261bbd45d45c4d490N.exe
          Filesize

          2.3MB

          MD5

          1576a20d4b4dc1935e63382558faf4fc

          SHA1

          9c551d4ab393756f7639880be8e4b0f5b7cd14bd

          SHA256

          c1a55a3093e3c30a85d2f9daa7b6beb4eba75c41e1a3b6e0c5962225af246a48

          SHA512

          fb708708a236a9d9bafdd19a0a49fd168208a91bbe8d98c17f704fa7500b2bee26186090f953be5db5ed48f6a5eb0fe565f98c7c510989aa807bc6fdb40e35b0

          Download Submit

        • memory/1316-0-0x0000000000400000-0x00000000004ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1316-10-0x0000000000400000-0x00000000004ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/4624-6-0x0000000000400000-0x00000000004ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/4624-7-0x00000000051E0000-0x00000000052CD000-memory.dmp

          Filesize

          948KB

          Download

        • memory/4624-9-0x0000000000400000-0x00000000004A3000-memory.dmp

          Filesize

          652KB

          Download