Analysis

  • max time kernel
    93s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240802-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    10-09-2024 00:14

General

  • Target

    f1337cad3319668215e2ba276e98a810N.exe

  • Size

    203KB

  • MD5

    f1337cad3319668215e2ba276e98a810

  • SHA1

    fbed62d2c4fd8a50a377881cd01a4a1ca91b7d7a

  • SHA256

    b341cbb98a0bbc8ae93cb08ab1a526ecdfd1601c3e20ce8974231e82e670aef5

  • SHA512

    8aa8f09a413dc5153cc3994fafb57a6ad0fd91c29a03121cb5db3133e0de6c246bf01359ef25e695d40ca488839f1ec50830d4acbf5a9ffcb5a673b8e0172a58

  • SSDEEP

    6144:GW7cvST8OkgGCkOC7i+m3dYl9Y+mjnG1B78:R7MnmGCkv++U6Y+mzG1BA

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f1337cad3319668215e2ba276e98a810N.exe
    "C:\Users\Admin\AppData\Local\Temp\f1337cad3319668215e2ba276e98a810N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:5084
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 396
      2⤵
      • Program crash
      PID:4564
    • C:\Users\Admin\AppData\Local\Temp\f1337cad3319668215e2ba276e98a810N.exe
      C:\Users\Admin\AppData\Local\Temp\f1337cad3319668215e2ba276e98a810N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3592
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 372
        3⤵
        • Program crash
        PID:4976
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 5084 -ip 5084
    1⤵
    PID:772
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3592 -ip 3592
    1⤵
    PID:3672

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\f1337cad3319668215e2ba276e98a810N.exe

    Filesize

    203KB

    MD5

    70d7b0c9042383d64fdc5959865b3981

    SHA1

    5899629a37288e8df3cb238cd4cddd6f2d71da55

    SHA256

    9f17ebacadf4c00ad67a6764775c298b9f90ba9d383e26eb485d950d9a1babf0

    SHA512

    1f5cdaf5e3fa51cc70fd0fc77e741fc958fbb918575cacc4608876b6f16db5f01e71cb928f8ec9c8831c4e3e5b74f3786b658b12b81d8d48fbdfd485cc5f6e32

  • memory/3592-6-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/3592-8-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/3592-13-0x0000000001690000-0x00000000016CF000-memory.dmp

    Filesize

    252KB

  • memory/3592-14-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/5084-0-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/5084-7-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB
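Read together, the process tree and the Downloads entry describe one pattern: the submitted sample (PID 5084, MD5 f1337cad...) launches a second process from the same path (PID 3592) after the file at that path has been replaced with a different 203KB binary (MD5 70d7b0c9...), the original deletes itself, and both stages crash into WerFault. The following is an added detection example written for this page, not code from the sandbox or the report; it runs over process-creation records constructed from the PIDs, paths, command lines and hashes listed above (the Sysmon-style field names, the ppid values for the top-level WerFault instances and the unknown WerFault hashes are assumptions) and flags both the same-path/different-hash relaunch and the WerFault-reported crashes.

```python
"""Flag the self-replacement and crash pattern seen in the process tree above.

Added example, not part of the sandbox report. The records below are
constructed from the report's PIDs, image paths, command lines and hashes,
shaped like Sysmon Event ID 1 (process create) records as a SIEM might
expose them. Field names are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\f1337cad3319668215e2ba276e98a810N.exe"
WERFAULT = r"C:\Windows\SysWOW64\WerFault.exe"


@dataclass
class ProcEvent:
    pid: int
    ppid: Optional[int]          # None when the parent is not in the record set
    image: str
    cmdline: str
    md5: Optional[str]           # hash of the on-disk image at launch (None = not recorded)


# Constructed from the report. PID 5084 is the submitted sample; PID 3592 runs
# from the same path but the file now carries the hash listed under Downloads.
# The two "-pss" WerFault instances appear at depth 1 in the tree, so their
# parent is recorded as unknown here (assumption).
EVENTS: List[ProcEvent] = [
    ProcEvent(5084, None, SAMPLE_PATH, f'"{SAMPLE_PATH}"', "f1337cad3319668215e2ba276e98a810"),
    ProcEvent(4564, 5084, WERFAULT, f"{WERFAULT} -u -p 5084 -s 396", None),
    ProcEvent(3592, 5084, SAMPLE_PATH, SAMPLE_PATH, "70d7b0c9042383d64fdc5959865b3981"),
    ProcEvent(4976, 3592, WERFAULT, f"{WERFAULT} -u -p 3592 -s 372", None),
    ProcEvent(772, None, WERFAULT, f"{WERFAULT} -pss -s 188 -p 5084 -ip 5084", None),
    ProcEvent(3672, None, WERFAULT, f"{WERFAULT} -pss -s 484 -p 3592 -ip 3592", None),
]


def werfault_target(cmdline: str) -> Optional[int]:
    """Return the PID named by WerFault's -p switch, or None if absent."""
    parts = cmdline.split()
    for i, tok in enumerate(parts[:-1]):
        if tok == "-p" and parts[i + 1].isdigit():
            return int(parts[i + 1])
    return None


def _by_pid(events: List[ProcEvent]) -> Dict[int, ProcEvent]:
    return {e.pid: e for e in events}


def find_self_replacement(events: List[ProcEvent]) -> List[Tuple[int, int]]:
    """(parent_pid, child_pid) pairs where a child was launched from the parent's
    own image path but the file on disk hashed differently at launch time.
    That is the RenamesItself / Executes dropped EXE combination in the report."""
    by_pid = _by_pid(events)
    hits: List[Tuple[int, int]] = []
    for e in events:
        parent = by_pid.get(e.ppid) if e.ppid is not None else None
        if parent is None:
            continue
        same_path = e.image.lower() == parent.image.lower()
        if same_path and e.md5 and parent.md5 and e.md5 != parent.md5:
            hits.append((parent.pid, e.pid))
    return hits


def find_crashes(events: List[ProcEvent]) -> Set[int]:
    """PIDs that crashed: WerFault.exe spawned as a child of PID X with '-p X'.
    The service-side '-pss' instances have no recorded parent and are ignored."""
    crashed: Set[int] = set()
    for e in events:
        if e.image.lower().endswith("\\werfault.exe") and e.ppid is not None:
            if werfault_target(e.cmdline) == e.ppid:
                crashed.add(e.ppid)
    return crashed


if __name__ == "__main__":
    for parent_pid, child_pid in find_self_replacement(EVENTS):
        print(f"self-replacement: PID {parent_pid} relaunched its own path as PID {child_pid} with a different hash")
    for pid in sorted(find_crashes(EVENTS)):
        print(f"crash: PID {pid} handed to WerFault")
```

The hash compared is the one the endpoint agent records for the image file at process start; that is what separates the dropped copy from the original even though the path never changes, so a rule keyed only on image path would miss this stage. A same-path, different-hash relaunch is also what a legitimate self-updater produces, so treat the hit as a lead and corroborate it with the self-deletion and the crash pairing rather than alerting on it alone.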