Malware Analysis Report

2025-04-13 11:48

Sample ID: 221019-p2qtnsgcg4
Target: 640-170-0x0000000000400000-0x0000000000463000-memory.dmp
SHA256: 7f24532e3b1f4be85eb2c7ebf67421e62fb2f45a449f2bd08450a2f4df8d4d45
Tags: 517 vidar
Score: 10/10

Table of Contents

Analysis Overview
    MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: 7f24532e3b1f4be85eb2c7ebf67421e62fb2f45a449f2bd08450a2f4df8d4d45

Threat Level: Known bad

The file 640-170-0x0000000000400000-0x0000000000463000-memory.dmp was found to be: Known bad.

Malicious Activity Summary

517 vidar

Vidar family

Program crash

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2022-10-19 12:49

Signatures

Vidar family

vidar

Analysis: behavioral2

Detonation Overview

Submitted: 2022-10-19 12:49
Reported: 2022-10-19 12:53
Platform: win10v2004-20220812-en
Max time kernel: 144s
Max time network: 167s

Command Line

"C:\Users\Admin\AppData\Local\Temp\640-170-0x0000000000400000-0x0000000000463000-memory.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\640-170-0x0000000000400000-0x0000000000463000-memory.exe

"C:\Users\Admin\AppData\Local\Temp\640-170-0x0000000000400000-0x0000000000463000-memory.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 224

Network

Country  Destination          Domain  Proto
US       93.184.221.240:80            tcp
US       93.184.220.29:80             tcp
US       93.184.221.240:80            tcp
US       93.184.221.240:80            tcp
US       93.184.221.240:80            tcp
NL       104.80.225.205:443           tcp
US       93.184.221.240:80            tcp
US       93.184.221.240:80            tcp
US       40.125.122.176:443           tcp
US       93.184.221.240:80            tcp
US       93.184.221.240:80            tcp
US       93.184.220.29:80             tcp
US       93.184.221.240:80            tcp
US       20.189.173.2:443             tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2022-10-19 12:49
Reported: 2022-10-19 12:53
Platform: win7-20220812-en
Max time kernel: 29s
Max time network: 46s

Command Line

"C:\Users\Admin\AppData\Local\Temp\640-170-0x0000000000400000-0x0000000000463000-memory.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\640-170-0x0000000000400000-0x0000000000463000-memory.exe

"C:\Users\Admin\AppData\Local\Temp\640-170-0x0000000000400000-0x0000000000463000-memory.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 36

Network

N/A

Files

memory/1728-54-0x0000000000000000-mapping.dmp