Analysis
max time kernel: 52s
max time network: 72s
platform: windows10-1703_x64
resource: win10-20230220-en
resource tags: arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
submitted: 19-03-2023 02:58
Static task
static1
General
Target: d5f738f9753a1e34c914e195a6cb2ffad16228909c88eec2adc8e581023600f2.exe
Size: 900KB
MD5: a2fbdd7b5c035944a5efa472b83736ef
SHA1: 8c4daf6ad2058c75f7e4a3b1775757547074a3ea
SHA256: d5f738f9753a1e34c914e195a6cb2ffad16228909c88eec2adc8e581023600f2
SHA512: d50c0a13e1aa344c6af179efe6d1d2a7defec8f1abadafdd6683c780ada085ae3423119d00eabfdbab787be13221c1e46d24727d2d512ae0051087842172a67f
SSDEEP: 12288:hx1vJfpzeLkTqhqeEmCJQOSafgHeGL7GOK:JfzIkTgqeEDQOffGod
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Program crash 1 IoCs
Processes: WerFault.exe
pid: 3176, pid_target: 2312, process: WerFault.exe, target process: d5f738f9753a1e34c914e195a6cb2ffad16228909c88eec2adc8e581023600f2.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\d5f738f9753a1e34c914e195a6cb2ffad16228909c88eec2adc8e581023600f2.exe
  "C:\Users\Admin\AppData\Local\Temp\d5f738f9753a1e34c914e195a6cb2ffad16228909c88eec2adc8e581023600f2.exe"
  - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 2312 -s 1464
    - Program crash