General

  • Target

    17a3c8d822309ce792bcfaac2f1b52eda4974ebfce17a5a7c9821daf6b5fc61f

  • Size

    10.6MB

  • Sample

    230104-qeskesbc3x

  • MD5

    d069812aa63b631897498621de353519

  • SHA1

    6b0cd7ae05f88d474c361fab658bf4b70c434cd4

  • SHA256

    17a3c8d822309ce792bcfaac2f1b52eda4974ebfce17a5a7c9821daf6b5fc61f

  • SHA512

    6dbee994501a4179e7cbbde3a46d26701f046f806b124c671284b8ac12abcfb428816eea4980c807e7588e5fa0005f9a585f23501eb5494e43049dc35602e27b

  • SSDEEP

    196608:liNPuXPM0cjq/RLx5xsDT/wY//Z/V4On1OFn:sJuXPM0aqFxO9H13o

Score
7/10

Targets

    • Target

      WerFault.exe

    • Size

      557KB

    • MD5

      fd27d9f6d02763bde32511b5df7ff7a0

    • SHA1

      ee79105026360209a5466db878e50f84cd6fc0f0

    • SHA256

      82e7105bc8decc5d75630ad984c12ba67ebf00109aeae739f4733f1e608b3b88

    • SHA512

      4d632b69087119e3303145eb0fa9339eb799596478b659c6f3fcfa35c6586569fe745355ac29bad7028674d8db4cc9549bdc8d5e9bd1b687caff9b5da3cbd3e2

    • SSDEEP

      12288:mIyVelsMij33R6TXrP3Fb1M8WbHOzvR7lfc2HywRhXM:mIdAUB1kHOzvR7lfcyh4

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Target

      faultrep.dll

    • Size

      5.4MB

    • MD5

      42a5798608f196ce7376ce196f4452fe

    • SHA1

      d4b4c0c77e0fce48c01790160aca6874a9548c24

    • SHA256

      459dc6aeffb60a7ca353a525e5f90a03eedb7d52cac387f54723024be6371d72

    • SHA512

      65c02f1dffed11dad59159e7d95e71bafc6fb2e3dfcf7d4c89e46b9c14797a5e64af7f426c9b755e6cef904e2ebb1e205aace9e7a413c5da54ac1497355e5fe1

    • SSDEEP

      98304:MyiNvXuYbYJhLoKVHcA0q/RNt4U6NY9rxTQDE+XbtJwY/sedZx/TvICC:tiNPuXPM0cjq/RLx5xsDT/wY//Z/VC

    Score
    1/10
    • Target

      file.xls

    • Size

      4.3MB

    • MD5

      995739173ae6cf6b30fb070c00ccf771

    • SHA1

      cb0c797d132ac5908dd328ee0623cb0497ecc9d7

    • SHA256

      afcbbbde5dd8bbc8b88ae3c5d23976e0b806c1ea0abe06cdf4535a8a8b41ead6

    • SHA512

      a80b676647208e51995feb64086962def974d03235eb7fbc3bc3fb73d9da86c0d5059dd13c965fb4fc925adbecb5dc980e44a1ddd040890555843131f4ba7a3a

    • SSDEEP

      49152:9hoFBmK9IO6NXfJnF4r3UmXrhE+Gvfly+c:9zyr6NJF4rkmXtEvN

    Score
    1/10
    • Target

      recent inventory& our specialties.lnk

    • Size

      1KB

    • MD5

      8edf5d4427609a5735dc8cf4e0b6cf22

    • SHA1

      5afae73d8c81383b95e26fecef69ef3c289e5a28

    • SHA256

      14337a93db09b43eb0cd7ffdb3482567979cec85bdac24db904ed3297ae74511

    • SHA512

      5d5dec4454e5be490a437bea5c032af7ca52e337b829c6d0e57c674e2211ced008cc4d1cbff2f1b68fb04636d1c22cbef828534093da942dabd3d53a71255678

    Score
    1/10
