Overview

overview

7

Static

static

3

d731cd11d3...0N.exe

windows7-x64

7

d731cd11d3...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    96s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/09/2024, 06:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d731cd11d36ec1893dab48e1a1f2b1a0N.exe

  • Size

    197KB

  • MD5

    d731cd11d36ec1893dab48e1a1f2b1a0

  • SHA1

    47a4281cc14782fae6abf31d36d9d16bf9658032

  • SHA256

    d596932032df59a72ca8388f365018015fa8085b8f137338207dfea86e8d88fa

  • SHA512

    c13e54c57eb2de227fe6b05cff23d92470c649663a98be3057e7d20674631de1444930e2d4fe02d7ed50ea363d2743bce9a3b40edc8ae648cb73937df3fc4df7

  • SSDEEP

    3072:K833xwTX1+W9uoHsd+Y/5AKPvAgeOF0Y5GfUnp4g8kBG8CjLaawR:KexwTXcuuZ9AfOFWfUnp4g8kVd

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d731cd11d36ec1893dab48e1a1f2b1a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\d731cd11d36ec1893dab48e1a1f2b1a0N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3400
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 408
      2⤵
      • Program crash
      PID:3488
    • C:\Users\Admin\AppData\Local\Temp\d731cd11d36ec1893dab48e1a1f2b1a0N.exe
      C:\Users\Admin\AppData\Local\Temp\d731cd11d36ec1893dab48e1a1f2b1a0N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2024
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 376
        3⤵
        • Program crash
        PID:4540
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3400 -ip 3400
    1⤵
      PID:2252
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2024 -ip 2024
      1⤵
        PID:1732

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\d731cd11d36ec1893dab48e1a1f2b1a0N.exe
        Filesize

        197KB

        MD5

        151e4145927b02709a9ca8c4edaabc85

        SHA1

        6f25059de57fa7a948126736e57394cdd7037107

        SHA256

        c6e0e80066daa66bab7ede5115cc42ce5b5e1795bc09255864e1e63fc11b9077

        SHA512

        3f4ec8b1f8a9cf494dcfc0c53c02863f8ac617748b7baeaef66f11dbe3bda89808c0503082270876cee330e0103d1b122cd1bad98c07761f259da16e7773a2d9

        Download Submit

      • memory/2024-8-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB

        Download

      • memory/2024-14-0x0000000001490000-0x00000000014C9000-memory.dmp

        Filesize

        228KB

        Download

      • memory/2024-9-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/2024-15-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB

        Download

      • memory/3400-0-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB

        Download

      • memory/3400-7-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB

        Download