Analysis
-
max time kernel
152s -
max time network
167s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
03-07-2022 08:11
General
-
Target
3c3a3e87ec02e301b748c730a7c379424e93e6f3bbe2128000b8f33084b7d641.exe
-
Size
422KB
-
MD5
cfca9ac2b0a1b969f80dfa7f76ed131e
-
SHA1
404c46ee53a8a47941a342bb2924e5cd5ff0495d
-
SHA256
3c3a3e87ec02e301b748c730a7c379424e93e6f3bbe2128000b8f33084b7d641
-
SHA512
f9a42bcf75b76dada47a0febb9710b72a2a1f2c31b1c9e01fb4533edd159664fd55e784d13dc191603e52946b97aa96e5a923fbaf1237273d873bfe7573e189b
Score
10/10
Malware Config
Signatures
-
OnlyLogger
A tiny loader that uses IPLogger to get its payload.
-
suricata: ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses
suricata: ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses
-
OnlyLogger Payload 2 IoCs
-
Program crash 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3c3a3e87ec02e301b748c730a7c379424e93e6f3bbe2128000b8f33084b7d641.exe"C:\Users\Admin\AppData\Local\Temp\3c3a3e87ec02e301b748c730a7c379424e93e6f3bbe2128000b8f33084b7d641.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 6322⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 6402⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 7402⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 8162⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 7522⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 9122⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 10722⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 19442⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 6482⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1872 -ip 18721⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1872 -ip 18721⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 1872 -ip 18721⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1872 -ip 18721⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1872 -ip 18721⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1872 -ip 18721⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1872 -ip 18721⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 1872 -ip 18721⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1872 -ip 18721⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1872-130-0x0000000002D93000-0x0000000002DBA000-memory.dmpFilesize
156KB
-
memory/1872-131-0x0000000002BD0000-0x0000000002C14000-memory.dmpFilesize
272KB
-
memory/1872-132-0x0000000000400000-0x0000000002BC3000-memory.dmpFilesize
39.8MB