General
Target

c0d123fe19013e0f83ca596f0b584f79a90b5b389f512500eba56db382cea165.exe

Filesize

154KB

Completed

08-05-2022 17:43

Task

behavioral2

Score
3/10
MD5

46c63a1a5969b2021fc95e425667da5f

SHA1

2847bdb673cec997bbad1e074f36e23da3c4f2a5

SHA256

c0d123fe19013e0f83ca596f0b584f79a90b5b389f512500eba56db382cea165

SHA512

1a57b1f77d724ad3b812e6845ded4021fd70f93dd1987294b9f1430bdd80d3a632daa41912989e8783aef6eb46159175cbc98c7de4da3a86f9b61ca6e7b8d93d

Malware Config
Signatures 1

  • Program crash
    WerFault.exe

    Reported IOCs

    pid  | pid_target | process      | target process
    4472 | 4968       | WerFault.exe | c0d123fe19013e0f83ca596f0b584f79a90b5b389f512500eba56db382cea165.exe
Processes 3
  • C:\Users\Admin\AppData\Local\Temp\c0d123fe19013e0f83ca596f0b584f79a90b5b389f512500eba56db382cea165.exe
    "C:\Users\Admin\AppData\Local\Temp\c0d123fe19013e0f83ca596f0b584f79a90b5b389f512500eba56db382cea165.exe"
    PID:4968
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4968 -s 152
      Program crash
      PID:4472
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 408 -p 4968 -ip 4968
    PID:2040
Network
MITRE ATT&CK Matrix
Collection | Command and Control | Credential Access | Defense Evasion | Discovery | Execution | Exfiltration | Impact | Initial Access | Lateral Movement | Persistence | Privilege Escalation