Overview
overview: score 10

Static
static

ET.lnk, windows7-x64: score 10
ET.lnk, windows10-1703-x64: score 10
ET.lnk, windows10-2004-x64: score 10
fumigating...es.cmd, windows7-x64: score 1
fumigating...es.cmd, windows10-1703-x64: score 1
fumigating...es.cmd, windows10-2004-x64: score 1
fumigating/erupt.dll, windows7-x64: score 3
fumigating/erupt.dll, windows10-1703-x64: score 3
fumigating/erupt.dll, windows10-2004-x64: score 3
fumigating...ty.cmd, windows7-x64: score 1
fumigating...ty.cmd, windows10-1703-x64: score 1
fumigating...ty.cmd, windows10-2004-x64: score 1

Analysis
max time kernel: 72s
max time network: 32s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 08-12-2022 14:08

Static task: static1

Behavioral task   Sample                      Resource
behavioral1       ET.lnk                      win7-20220901-en
behavioral2       ET.lnk                      win10-20220812-en
behavioral3       ET.lnk                      win10v2004-20220812-en
behavioral4       fumigating/actuaries.cmd    win7-20220812-en
behavioral5       fumigating/actuaries.cmd    win10-20220812-en
behavioral6       fumigating/actuaries.cmd    win10v2004-20221111-en
behavioral7       fumigating/erupt.dll        win7-20221111-en
behavioral8       fumigating/erupt.dll        win10-20220901-en
behavioral9       fumigating/erupt.dll        win10v2004-20221111-en
behavioral10      fumigating/perplexity.cmd   win7-20221111-en
behavioral11      fumigating/perplexity.cmd   win10-20220901-en
behavioral12      fumigating/perplexity.cmd   win10v2004-20221111-en

General
Target: fumigating/erupt.dll
Size: 209KB
MD5: 952c6ae48b5f7cb5977f9ce5159944b7
SHA1: ec0ee94c0da39681e3ff7b78d2b1c6b63e76f9e5
SHA256: 898a12fb7193c8260e9a8b9afc177b34608a9eeb1b927b895d9033e86185757d
SHA512: dfa53c3224888e73d9728fcdf605c0eaad8ed96bfdd7276f44be25c2292756a1e1a504c50ca525227d23e42d7045120ceab7e8f0cd84e992997d9376a5857143
SSDEEP: 6144:z7N2DFx/kYWK4XDfAW2J//+777777Lw9oHMAqL4OF3u8:z5O//E777777LwmqLzF3u8

Malware Config

Signatures

Program crash (1 IoCs)
Processes: WerFault.exe
pid   pid_target   process        target process
912   1312         WerFault.exe   rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                       pid    process        target process
PID 1312 wrote to memory of 912   1312   rundll32.exe   WerFault.exe
PID 1312 wrote to memory of 912   1312   rundll32.exe   WerFault.exe
PID 1312 wrote to memory of 912   1312   rundll32.exe   WerFault.exe

Downloads
memory/912-54-0x0000000000000000-mapping.dmp