onlylogger | a8c359ab3ee7933b74030bd796a0a52537344f83bff6c4135354f6979106a03d

Analysis

max time kernel
159s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
08-11-2022 17:44

Target

a8c359ab3ee7933b74030bd796a0a52537344f83bff6c4135354f6979106a03d.exe
Size

385KB
MD5

ffa06f234334af87d130340b4dada0e7
SHA1

637722f366a30f0d6f1f5c76f341b7c97b85bdb3
SHA256

a8c359ab3ee7933b74030bd796a0a52537344f83bff6c4135354f6979106a03d
SHA512

fb4dc1dfc064e02ddc09f9f648b7ab8f636f536a6068c70a53c83e3066d123e29902f1a6ffd009155b90a879bedabf57539614c2c2efe1bc84afbb8aad4258a3
SSDEEP

6144:650oi1EV0HU8UtZ8VIJvILD58RcBpySzdj17TfIq25cczCmDCs60WW:82HUXT8IJwWRcP9jVfIqSc4PD1x

Score

10^/10

onlylogger loader

OnlyLogger
A tiny loader that uses IPLogger to get its payload.
loader onlylogger

OnlyLogger payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4112-133-0x0000000002130000-0x0000000002174000-memory.dmp	family_onlylogger
behavioral2/memory/4112-134-0x0000000000400000-0x0000000000505000-memory.dmp	family_onlylogger

Program crash 10 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
3948	4112	WerFault.exe	a8c359ab3ee7933b74030bd796a0a52537344f83bff6c4135354f6979106a03d.exe
4764	4112	WerFault.exe	a8c359ab3ee7933b74030bd796a0a52537344f83bff6c4135354f6979106a03d.exe
4720	4112	WerFault.exe	a8c359ab3ee7933b74030bd796a0a52537344f83bff6c4135354f6979106a03d.exe
4292	4112	WerFault.exe	a8c359ab3ee7933b74030bd796a0a52537344f83bff6c4135354f6979106a03d.exe
1060	4112	WerFault.exe	a8c359ab3ee7933b74030bd796a0a52537344f83bff6c4135354f6979106a03d.exe
1476	4112	WerFault.exe	a8c359ab3ee7933b74030bd796a0a52537344f83bff6c4135354f6979106a03d.exe
1312	4112	WerFault.exe	a8c359ab3ee7933b74030bd796a0a52537344f83bff6c4135354f6979106a03d.exe
1500	4112	WerFault.exe	a8c359ab3ee7933b74030bd796a0a52537344f83bff6c4135354f6979106a03d.exe
376	4112	WerFault.exe	a8c359ab3ee7933b74030bd796a0a52537344f83bff6c4135354f6979106a03d.exe
2920	4112	WerFault.exe	a8c359ab3ee7933b74030bd796a0a52537344f83bff6c4135354f6979106a03d.exe

C:\Users\Admin\AppData\Local\Temp\a8c359ab3ee7933b74030bd796a0a52537344f83bff6c4135354f6979106a03d.exe
"C:\Users\Admin\AppData\Local\Temp\a8c359ab3ee7933b74030bd796a0a52537344f83bff6c4135354f6979106a03d.exe"
1⤵
PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 624
2⤵
- Program crash
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 660
2⤵
- Program crash
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 732
2⤵
- Program crash
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 788
2⤵
- Program crash
PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 916
2⤵
- Program crash
PID:1060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 1064
2⤵
- Program crash
PID:1476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 1264
2⤵
- Program crash
PID:1312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 1396
2⤵
- Program crash
PID:1500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 1392
2⤵
- Program crash
PID:376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 1012
2⤵
- Program crash
PID:2920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4112 -ip 4112
1⤵
PID:2064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4112 -ip 4112
1⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4112 -ip 4112
1⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4112 -ip 4112
1⤵
PID:1092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4112 -ip 4112
1⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4112 -ip 4112
1⤵
PID:1580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4112 -ip 4112
1⤵
PID:2468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4112 -ip 4112
1⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4112 -ip 4112
1⤵
PID:2448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4112 -ip 4112
1⤵
PID:4544

memory/4112-132-0x0000000000558000-0x0000000000580000-memory.dmp

Filesize
160KB

Download
memory/4112-133-0x0000000002130000-0x0000000002174000-memory.dmp

Filesize
272KB

Download
memory/4112-134-0x0000000000400000-0x0000000000505000-memory.dmp

Filesize
1.0MB

Download
memory/4112-135-0x0000000000558000-0x0000000000580000-memory.dmp

Filesize
160KB

Download