Analysis
-
max time kernel
160s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
08-05-2022 15:41
Static task
static1
Behavioral task
behavioral1
Sample
c0d123fe19013e0f83ca596f0b584f79a90b5b389f512500eba56db382cea165.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
c0d123fe19013e0f83ca596f0b584f79a90b5b389f512500eba56db382cea165.exe
Resource
win10v2004-20220414-en
General
-
Target
c0d123fe19013e0f83ca596f0b584f79a90b5b389f512500eba56db382cea165.exe
-
Size
154KB
-
MD5
46c63a1a5969b2021fc95e425667da5f
-
SHA1
2847bdb673cec997bbad1e074f36e23da3c4f2a5
-
SHA256
c0d123fe19013e0f83ca596f0b584f79a90b5b389f512500eba56db382cea165
-
SHA512
1a57b1f77d724ad3b812e6845ded4021fd70f93dd1987294b9f1430bdd80d3a632daa41912989e8783aef6eb46159175cbc98c7de4da3a86f9b61ca6e7b8d93d
Malware Config
Signatures
-
Program crash ⋅ 1 IoCs
Processes:
WerFault.exepid pid_target process target process 4472 4968 WerFault.exe c0d123fe19013e0f83ca596f0b584f79a90b5b389f512500eba56db382cea165.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\c0d123fe19013e0f83ca596f0b584f79a90b5b389f512500eba56db382cea165.exePID:4968"C:\Users\Admin\AppData\Local\Temp\c0d123fe19013e0f83ca596f0b584f79a90b5b389f512500eba56db382cea165.exe"
-
C:\Windows\system32\WerFault.exePID:4472C:\Windows\system32\WerFault.exe -u -p 4968 -s 152Program crash
-
C:\Windows\system32\WerFault.exePID:2040C:\Windows\system32\WerFault.exe -pss -s 408 -p 4968 -ip 4968
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation