vidar | 2867f0355e38e9be503d1ec97152643adc51e8f5d1a2c1f7bbbf8a13ba14b071

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
02-12-2023 16:53

Target

2140-3-0x0000000000400000-0x0000000002ACD000-memory.exe
Size

38.8MB
MD5

c6f861eed223b62c7f07ebf2f1683272
SHA1

81503fb5e98b9e1a0d7ab28698f31175f41cebd2
SHA256

2867f0355e38e9be503d1ec97152643adc51e8f5d1a2c1f7bbbf8a13ba14b071
SHA512

c274d0292a84ffdebb80be6172ef5a5ecb6277e3d84e3e245406ead7bcb1c8056ad66f714987643d97539536ef5b0e5b26867135476ad67a15e5cb1b86cee9b0
SSDEEP

3072:afysv34+VEjY9c5WuSIfSJKTuz1F/nMR8yPUxcrmnUlnrnTfmJ/qIsn8qqVnCJHu:afyKE89+WyPTuz70R8yTnrjwQhJtJjX

Score

10^/10

vidar stealer

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2056 1412 WerFault.exe 2140-3-0x0000000000400000-0x0000000002ACD000-memory.exe

pid	pid_target	process	target process
2056	1412	WerFault.exe	2140-3-0x0000000000400000-0x0000000002ACD000-memory.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

2140-3-0x0000000000400000-0x0000000002ACD000-memory.exe

description	pid	process	target process
PID 1412 wrote to memory of 2056	1412	2140-3-0x0000000000400000-0x0000000002ACD000-memory.exe	WerFault.exe
PID 1412 wrote to memory of 2056	1412	2140-3-0x0000000000400000-0x0000000002ACD000-memory.exe	WerFault.exe
PID 1412 wrote to memory of 2056	1412	2140-3-0x0000000000400000-0x0000000002ACD000-memory.exe	WerFault.exe
PID 1412 wrote to memory of 2056	1412	2140-3-0x0000000000400000-0x0000000002ACD000-memory.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\2140-3-0x0000000000400000-0x0000000002ACD000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\2140-3-0x0000000000400000-0x0000000002ACD000-memory.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 36
2⤵
- Program crash
PID:2056

memory/1412-0-0x0000000000400000-0x0000000000649000-memory.dmp

Filesize
2.3MB

Download