Analysis

  • max time kernel
    94s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-12-2024 06:50

General

  • Target
    rock455321.exe
  • Size
    333KB
  • MD5
    8684d70db70df0b6b307ea7d7cdaf7db
  • SHA1
    6bf38ec565189fd303275b7bc3c4770396c29f29
  • SHA256
    0479e653d2603f09b71afd0f2a7388c3af722643a49ac94541116dd6add60b2c
  • SHA512
    8bf5649fdf5ee3623f66a4cd46a001e07f77ef4e2b4232159cadf3d8c63e0bdec216c62219597b909f07d357d75bd994147c212f365389169a077b955550203a
  • SSDEEP
    6144:TxDb5vv/1m3QxOve1lmR4BEfrv2SoFJli1S1tXiplUXP0a9:03OO+YRYETv2SsDvvSpmx9

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Program crash (1 IoC)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\rock455321.exe
    "C:\Users\Admin\AppData\Local\Temp\rock455321.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Users\Admin\AppData\Local\Temp\wiwve.exe
      C:\Users\Admin\AppData\Local\Temp\wiwve.exe C:\Users\Admin\AppData\Local\Temp\hldlbugxq
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2676
      • C:\Users\Admin\AppData\Local\Temp\wiwve.exe
        C:\Users\Admin\AppData\Local\Temp\wiwve.exe C:\Users\Admin\AppData\Local\Temp\hldlbugxq
        3⤵
        PID:2032
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 492
        3⤵
        • Program crash
        PID:3940
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2676 -ip 2676
    1⤵
    PID:864
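The tree above is the whole story of this run in process telemetry: a loader in %TEMP% starts a second binary it dropped there (wiwve.exe, handed the 4KB payload file hldlbugxq as its only argument), that binary re-launches itself with an identical command line (the usual shape of process hollowing or self-injection, which is what the WriteProcessMemory signature on both parents points at), and then Windows Error Reporting is started twice against PID 2676 because the attempt crashed. The following Python is an added example, not part of the sandbox report or of the sample: it replays the tree as constructed Sysmon-style process-creation records (the ProcEvent fields, the record values and the assumption that the depth-1 WerFault instance PID 864 has no recorded parent are all modelled on the report, not exported from it) and flags those three observations the way a detection rule would.

```python
# Added example, not from the sandbox report: detection logic over constructed
# Sysmon-style process-creation records modelled on the process tree above.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Case-insensitive marker for the user's %TEMP% directory.
TEMP_MARKER = "\\appdata\\local\\temp\\"
# WerFault names the crashed process with "-p <pid>"; "-pss" and "-ip" must not match.
WERFAULT_PID = re.compile(r"(?:^|\s)-p\s+(\d+)")


@dataclass
class ProcEvent:
    pid: int
    ppid: Optional[int]   # None for a root of the tree
    image: str            # Sysmon "Image"
    cmdline: str          # Sysmon "CommandLine"


# Constructed from the report's process tree (assumption: the depth-1 WerFault
# -pss instance, PID 864, has no parent among the recorded processes).
EVENTS: List[ProcEvent] = [
    ProcEvent(2228, None, r"C:\Users\Admin\AppData\Local\Temp\rock455321.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\rock455321.exe"'),
    ProcEvent(2676, 2228, r"C:\Users\Admin\AppData\Local\Temp\wiwve.exe",
              r"C:\Users\Admin\AppData\Local\Temp\wiwve.exe C:\Users\Admin\AppData\Local\Temp\hldlbugxq"),
    ProcEvent(2032, 2676, r"C:\Users\Admin\AppData\Local\Temp\wiwve.exe",
              r"C:\Users\Admin\AppData\Local\Temp\wiwve.exe C:\Users\Admin\AppData\Local\Temp\hldlbugxq"),
    ProcEvent(3940, 2676, r"C:\Windows\SysWOW64\WerFault.exe",
              r"C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 492"),
    ProcEvent(864, None, r"C:\Windows\SysWOW64\WerFault.exe",
              r"C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2676 -ip 2676"),
]


def in_temp(path: str) -> bool:
    return TEMP_MARKER in path.lower()


def _by_pid(events: List[ProcEvent]) -> Dict[int, ProcEvent]:
    return {e.pid: e for e in events}


def dropped_exe_from_temp(events: List[ProcEvent]) -> List[int]:
    """PIDs of a %TEMP%-resident binary started by a *different* %TEMP%-resident
    parent: the telemetry shape of "Executes dropped EXE"."""
    procs = _by_pid(events)
    hits = []
    for e in events:
        parent = procs.get(e.ppid) if e.ppid is not None else None
        if (parent and in_temp(e.image) and in_temp(parent.image)
                and e.image.lower() != parent.image.lower()):
            hits.append(e.pid)
    return hits


def self_spawn(events: List[ProcEvent]) -> List[int]:
    """PIDs of children whose image and command line equal the parent's.
    Legitimate programs rarely re-launch themselves with identical arguments;
    injectors do, to get a fresh (usually suspended) copy to write into."""
    procs = _by_pid(events)
    hits = []
    for e in events:
        parent = procs.get(e.ppid) if e.ppid is not None else None
        if (parent and e.image.lower() == parent.image.lower()
                and e.cmdline == parent.cmdline):
            hits.append(e.pid)
    return hits


def crashes_of(events: List[ProcEvent], suspects: set) -> List[Tuple[int, int]]:
    """(werfault_pid, crashed_pid) for WerFault instances whose -p names a suspect.
    A failed hollowing attempt leaves exactly this trace: the injector or its
    twin dies and Windows Error Reporting is launched against it."""
    hits = []
    for e in events:
        if not e.image.lower().endswith("\\werfault.exe"):
            continue
        m = WERFAULT_PID.search(e.cmdline)
        if m and int(m.group(1)) in suspects:
            hits.append((e.pid, int(m.group(1))))
    return hits


def analyze(events: List[ProcEvent]) -> Dict[str, list]:
    procs = _by_pid(events)
    dropped = dropped_exe_from_temp(events)
    twins = self_spawn(events)
    # The parent of a self-spawned twin is the injector, so it is a suspect too.
    suspects = set(dropped) | set(twins) | {procs[p].ppid for p in twins}
    return {"dropped_exe_from_temp": dropped,
            "self_spawn": twins,
            "crashes": crashes_of(events, suspects)}


if __name__ == "__main__":
    for name, hits in analyze(EVENTS).items():
        print(f"{name}: {hits}")
```

Run against the constructed records it reports wiwve.exe (PID 2676) as a dropped executable launched from %TEMP%, its child PID 2032 as a self-spawned twin, and both WerFault instances (3940 and 864) as crash reports for PID 2676. On real telemetry the same three checks stay useful once the file names change between builds; the one thing to add is the hash match (the report's SHA256 for wiwve.exe and hldlbugxq) from Sysmon's Hashes field, which this offline example omits.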

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\0dqf5giar64yom
    Filesize
    211KB
    MD5
    590b26017a9bbe9ef834d288f9429229
    SHA1
    b81f357dcdf39081bbbd57175201b6df2b3cb865
    SHA256
    7ed1f17cc357ce0a716d9ae3a290c2c6fe697af2ba3793a429334c8d36556fa5
    SHA512
    b5ee39a09653bf873add627349a50b8c0913ccd34d36297ff40fd567c35a1e0ebf2efef9d01bdc520b0b7d4c108e28f3c695956d9d8388b8ae5a37cfa082c143
  • C:\Users\Admin\AppData\Local\Temp\hldlbugxq
    Filesize
    4KB
    MD5
    9b731bf05c900fcb59edbe09acb0d826
    SHA1
    ead267da13e71a51e752ff53bb95ef8cabf6bbf3
    SHA256
    e212e509792102795ba48dd7ba93f2c000365ad77c8056cccb23ce0ceb9360ef
    SHA512
    f854504fa9af02d201869dc8678051c73254d8f481c9f49a9cfbea22816764bceb8810b6e8439dded87972b1b7058cb3e9e820c12d681b3dc56cafdd3755506d
  • C:\Users\Admin\AppData\Local\Temp\wiwve.exe
    Filesize
    222KB
    MD5
    c8da642b7d1d6af209da1815cfabb8ef
    SHA1
    abf77fa46cd99db90601f2b1b9d351bca76d1fcb
    SHA256
    5d1e158dc8e0168cdf718ca396a9cf158da04155266190fdc461db3b4ff91daf
    SHA512
    5d6cafb172568f2542f4c09bffc1608245436a5a7698131c37c9ae8175477709390516197e6302cb036cf39a0d7c456e1236604581b4e468bcf06e90ceff8a97
  • memory/2676-8-0x00000000005A0000-0x00000000005A2000-memory.dmp
    Filesize
    8KB