Analysis
-
max time kernel
83s -
max time network
104s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
02-06-2023 09:35
Behavioral task
behavioral1
Sample
Device/HarddiskVolume9/RECYCLER/S-3-5-01-4621304173-6055156028-813125507-4057/TVnHnIdF.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Device/HarddiskVolume9/RECYCLER/S-3-5-01-4621304173-6055156028-813125507-4057/TVnHnIdF.exe
Resource
win10v2004-20230220-en
General
-
Target
Device/HarddiskVolume9/RECYCLER/S-3-5-01-4621304173-6055156028-813125507-4057/TVnHnIdF.exe
-
Size
185KB
-
MD5
59157bcbfe97f9f8b00af1eb39c87a53
-
SHA1
63f11e1730237a17d71bb1927e67f561a7dec607
-
SHA256
d49df261cebcfdc69c73a485002786c0ace31ee0c85cbfe45b830de3c737b941
-
SHA512
034a730883b0436326b67e996182e0749513f2e1be8b554ff91cfc121d0ea38c7651e0b2dbfadcb34e7b43b54b2fecf35cf8135b227ffe6717e356c5f17ca65c
-
SSDEEP
1536:+OC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfBi:+wV4OgSzBmh04eZFkz3Rr0gwGj9Tf8
Malware Config
Signatures
-
Processes:
resource yara_rule behavioral2/memory/1700-133-0x0000000000400000-0x0000000000472000-memory.dmp upx -
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 3732 1700 WerFault.exe TVnHnIdF.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume9\RECYCLER\S-3-5-01-4621304173-6055156028-813125507-4057\TVnHnIdF.exe"C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume9\RECYCLER\S-3-5-01-4621304173-6055156028-813125507-4057\TVnHnIdF.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 2162⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 1700 -ip 17001⤵