Analysis
-
max time kernel
81s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
20-05-2022 14:24
Static task
static1
Behavioral task
behavioral1
Sample
New Order List.exe
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
New Order List.exe
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
New Order List.exe
-
Size
651KB
-
MD5
ef3ca842b9c00a0bc3c40cb0c547180e
-
SHA1
decbd80b7215eef9049542b529986359fea02ff9
-
SHA256
cc223497fe89e227d0696798ffd12ef6037ee71dfe047483f6a8f1be69bf5754
-
SHA512
4bd7eaf9b7c2c4c78b14788549cb71da2eb8074b81c786a6a8b0e03677a9bd1c89118a47ecd150249b46dab4798f0b00c4a5f40e15cd0a629243f90548eceede
Score
6/10
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 4264 4844 WerFault.exe New Order List.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\New Order List.exe"C:\Users\Admin\AppData\Local\Temp\New Order List.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 14522⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4844 -ip 48441⤵