Analysis
-
max time kernel
172s -
max time network
193s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
29/11/2022, 13:50 UTC
General
-
Target
b012c95b1280763096eedc1bbfeac52931db469990c13e0ece75a24b9abf499a.exe
-
Size
80KB
-
MD5
97ea3081f9896ebe8286c20d33e3383a
-
SHA1
96a06e8009535b5a8b1b7803c0dbdfec8592ed49
-
SHA256
b012c95b1280763096eedc1bbfeac52931db469990c13e0ece75a24b9abf499a
-
SHA512
f0f104ad8be0dd2866c07e206fbf7674d4a76521c3f427f23e35faa46276afe3860a60d158f3a4e5d674248a0ab893960f0bdf998e62a7b3e1ac988d86c83aab
-
SSDEEP
1536:2onMcQqN0mRWUi3FhZ56q9HRtoTpLrOEaeH0Ysx1xZllsJbEF6B+H/j5JuoYq:2on/NpoF5dDoTpLiEaeFsBZ4bEF6B+
Score
3/10
Malware Config
Signatures
-
Program crash 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b012c95b1280763096eedc1bbfeac52931db469990c13e0ece75a24b9abf499a.exe"C:\Users\Admin\AppData\Local\Temp\b012c95b1280763096eedc1bbfeac52931db469990c13e0ece75a24b9abf499a.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 2762⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 2842⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1796 -ip 17961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1796 -ip 17961⤵
Network
-
DNS151.122.125.40.in-addr.arpaRemote address:8.8.8.8:53Request151.122.125.40.in-addr.arpaIN PTRResponse -
DNS7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.0.0.0.0.2.0.1.3.0.6.2.ip6.arpaRemote address:8.8.8.8:53Request7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.0.0.0.0.2.0.1.3.0.6.2.ip6.arpaIN PTRResponse
-
52.182.141.63:443
-
93.184.221.240:80
-
93.184.221.240:80
-
8.8.8.8:53151.122.125.40.in-addr.arpadns
DNS Request
151.122.125.40.in-addr.arpa
-
8.8.8.8:537.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.0.0.0.0.2.0.1.3.0.6.2.ip6.arpadns
DNS Request
7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.0.0.0.0.2.0.1.3.0.6.2.ip6.arpa