Analysis

  • max time kernel
    93s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/09/2024, 22:01

General

  • Target

    a9c6505ad020d7771df829f15d405bd0N.exe

  • Size

    3.7MB

  • MD5

    a9c6505ad020d7771df829f15d405bd0

  • SHA1

    9b9b139d09cba729ff808fa203f6d152e978ac00

  • SHA256

    885c252a449162949dac364e69e8b93d29d8794ce5f474219d236afe46641e1e

  • SHA512

    a22beb257cf26d3f63e5c0227cf27605c6c9a2933a032216ab00204a511def18c1b36ec77d2a65a60df9c7db5fc24178e3253370993bbfa370566f04bc741c9a

  • SSDEEP

    24576:2uLZMTc+FqzmLmwm+Fqzl+Fqzj+FqzmLmwq+FqzDl+Fqzj+FqmNmwq+FqzDl+Fql:2ulMTdttrZAtn

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a9c6505ad020d7771df829f15d405bd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a9c6505ad020d7771df829f15d405bd0N.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1476
    • C:\Users\Admin\AppData\Local\Temp\apvxpuv.exe
      C:\Users\Admin\AppData\Local\Temp\apvxpuv.exe
      2⤵
      • Executes dropped EXE
      PID:784
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 24
        3⤵
        • Program crash
        PID:3628
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 784 -ip 784
    1⤵
    PID:2496

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\apvxpuv.exe
    Filesize: 5.0MB
    MD5: dfca5ec85ace299e6188f299d6337f93
    SHA1: 66470d31889bdfea9a2204ff37ae6afa52a3c5ca
    SHA256: bfe8b2f890c4de4fe1a2bd3770919e46d91f8d68689b72a1be7f36302325e235
    SHA512: 6ba876c0389c166a7219fa00c35853b8910c317bdf4e37c2ebc18a9c773cb00fdfbaf5c06caa18c20a2ffe3f3f1d89fc4cda5cda90a5bafa8b0c5a6d29a7254e

  • memory/784-2-0x0000000074840000-0x00000000748C0000-memory.dmp
    Filesize: 512KB

  • memory/784-5-0x0000000000400000-0x000000000046B000-memory.dmp
    Filesize: 428KB

  • memory/1476-4-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize: 188KB