Analysis
max time kernel: 146s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12-12-2022 16:56
Static task: static1
Behavioral task: behavioral1 (Sample: Scan_Dec12.lnk, Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: Scan_Dec12.lnk, Resource: win10v2004-20221111-en)
Behavioral task: behavioral3 (Sample: ragaxe/codXl.cmd, Resource: win7-20220812-en)
Behavioral task: behavioral4 (Sample: ragaxe/codXl.cmd, Resource: win10v2004-20221111-en)
Behavioral task: behavioral5 (Sample: ragaxe/offscouring.dll, Resource: win7-20220901-en)
Behavioral task: behavioral6 (Sample: ragaxe/offscouring.dll, Resource: win10v2004-20220812-en)
General
Target: ragaxe/offscouring.dll
Size: 823KB
MD5: faa496bdd79e0ed4d4def753d2232bb8
SHA1: 195dcacfb7d9a25585667e8ebdb5cd9926ffe069
SHA256: 5c4061ed08f89eaa12f61842bc2bef83d29a2727a9dcff5d445d6b2fd120cae9
SHA512: 0d57b824d0ac13d27e644465734cccbae50d3280dd00ab525fd4a9a965cc783e7e638960ec3f69ef31de51504f67bd4b810d0efb84808afac90d5013779bee34
SSDEEP: 24576:4EQudEkIk9Xvw1H1F8es1F118HZsD96XXXrXXXzXXX9XXXa:4EQu2Vk9Y1H1v/HZa
Malware Config
Signatures
Program crash: 1 IoCs
Processes: WerFault.exe
pid: 4108; pid_target: 3320; process: WerFault.exe; target process: rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ragaxe\offscouring.dll,#1
  - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 3320 -s 352
    Program crash
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -pss -s 408 -p 3320 -ip 3320