Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    93s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-11-2024 12:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    427KB

  • MD5

    0feb0ed834d41cb1679420de40a5510e

  • SHA1

    d4a916ef04c3cb4b1180c270bcd924d7ae7a9d73

  • SHA256

    30bed3d9aafd3aa38664887f1840728db524e7f268bcb385f588764642b06b7f

  • SHA512

    4727f38d260f8213dd300151863f9de66a779b3f263a7eb7558f61c6bbc69a1ff8e1724bcdeb1aa72fe30709103fb046ef235e84ccac98176715f6bf34233b83

  • SSDEEP

    6144:giILFBm9kDZNRWyoAplNpwhBbi5Z6An7FTS0w4z1T:giIJBm9kb6Q3pwJimAn70Oh

Score
8/10
discovery

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Program crash 8 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4844
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 752
      2⤵
      • Program crash
      PID:2240
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 784
      2⤵
      • Program crash
      PID:4508
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 784
      2⤵
      • Program crash
      PID:3456
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 776
      2⤵
      • Program crash
      PID:860
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 908
      2⤵
      • Program crash
      PID:4076
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 916
      2⤵
      • Program crash
      PID:1888
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 920
      2⤵
      • Program crash
      PID:4048
    • C:\Users\Admin\AppData\Roaming\SLA2YLO\wP7sAGO0ldxYu.exe
      "C:\Users\Admin\AppData\Roaming\SLA2YLO\wP7sAGO0ldxYu.exe"
      2⤵
      • Executes dropped EXE
      PID:2380
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 1276
      2⤵
      • Program crash
      PID:1924
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4844 -ip 4844
    1⤵
      PID:2124
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4844 -ip 4844
      1⤵
        PID:2016
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4844 -ip 4844
        1⤵
          PID:3780
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4844 -ip 4844
          1⤵
            PID:3784
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4844 -ip 4844
            1⤵
              PID:1564
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4844 -ip 4844
              1⤵
                PID:1520
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4844 -ip 4844
                1⤵
                  PID:4588
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4844 -ip 4844
                  1⤵
                    PID:5032

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Roaming\SLA2YLO\wP7sAGO0ldxYu.exe
                    Filesize

                    4KB

                    MD5

                    f328a95046e3a2514c36347eaec911c0

                    SHA1

                    8ec9c18384ca1e08a397bf7b3d46b6d784669ef0

                    SHA256

                    d55e86610dcad29c3d2857d9dae91aa51228b1fa001ea2d7bda88b9a2b5570a9

                    SHA512

                    2fc3621433c5da3dcb5b9d9133cd9d63d8f53fd60c81ddab8b83bad60efb98942fc38a63dfa98edfc8358c8e4e345a7ec8fa3aa14c18d4337cdd90ea0aed4718

                    Download Submit

                  • memory/2380-14-0x00007FF81C943000-0x00007FF81C945000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/2380-15-0x0000000000F00000-0x0000000000F08000-memory.dmp

                    Filesize

                    32KB

                    Download

                  • memory/4844-0-0x00000000001D0000-0x00000000001FB000-memory.dmp

                    Filesize

                    172KB

                    Download

                  • memory/4844-1-0x0000000000830000-0x000000000085E000-memory.dmp

                    Filesize

                    184KB

                    Download

                  • memory/4844-2-0x0000000000400000-0x0000000000431000-memory.dmp

                    Filesize

                    196KB

                    Download

                  • memory/4844-6-0x0000000010000000-0x000000001001C000-memory.dmp

                    Filesize

                    112KB

                    Download

                  • memory/4844-17-0x00000000001D0000-0x00000000001FB000-memory.dmp

                    Filesize

                    172KB

                    Download

                  • memory/4844-19-0x0000000000830000-0x000000000085E000-memory.dmp

                    Filesize

                    184KB

                    Download

                  • memory/4844-20-0x0000000000400000-0x0000000000473000-memory.dmp

                    Filesize

                    460KB

                    Download

                  • memory/4844-21-0x0000000000400000-0x0000000000431000-memory.dmp

                    Filesize

                    196KB

                    Download