Analysis
- max time kernel: 98s
- max time network: 142s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/12/2022, 00:51
Static task: static1
Behavioral task: behavioral1
Sample: fe0b813147f600be5e63c90c476a6e18310f85132883cbe62ca510ca811ed998.exe
Resource: win7-20220812-en
General
- Target: fe0b813147f600be5e63c90c476a6e18310f85132883cbe62ca510ca811ed998.exe
- Size: 80KB
- MD5: 582d15f5103a6ba3697ed6a0d42998bc
- SHA1: 2c88fa48aef185584a908beea726729a3acab090
- SHA256: fe0b813147f600be5e63c90c476a6e18310f85132883cbe62ca510ca811ed998
- SHA512: 89b935794efb48571ac771144d434579b40c45d4308ba72834c4c31b32123210c2079ed791b358d3e278bfa661601cb8ee9a9c7907587a61657ccb65ac731b33
- SSDEEP: 1536:8lcbkxQBjOpHTJKqOPI8F62lvdczS4/eEByf4ExqK9/ziDvd:8likxQUtTJK5bhdcG4/eMyf4Eh9ziDd
Malware Config
Signatures
- Reads local data of messenger clients (2 TTPs)
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Program crash (1 IoCs)
  pid   pid_target   Process        procid_target
  4916  2168         WerFault.exe   79
Processes
- C:\Users\Admin\AppData\Local\Temp\fe0b813147f600be5e63c90c476a6e18310f85132883cbe62ca510ca811ed998.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\fe0b813147f600be5e63c90c476a6e18310f85132883cbe62ca510ca811ed998.exe"
  PID: 2168
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 924
    Signatures: Program crash
    PID: 4916
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2168 -ip 2168
  PID: 4660