Analysis
-
max time kernel
119s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
19-12-2023 14:26
Behavioral task
behavioral1
Sample
424d62f26707eace0cd7a2f75f07b636.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
424d62f26707eace0cd7a2f75f07b636.exe
Resource
win10v2004-20231201-en
General
-
Target
424d62f26707eace0cd7a2f75f07b636.exe
-
Size
93KB
-
MD5
424d62f26707eace0cd7a2f75f07b636
-
SHA1
c920b3d3b89bb5195059765cc63da80da7edd826
-
SHA256
daf0e8f20ba17846c23d6e6006ab07cfd8f0b78d2914b26de1f87f9b60b4859b
-
SHA512
fbd0ca98e3699bcbf18381cc91cd4e8aca59cfd1168ddadf10a3b5c6568c95dec7d6ff7e326f37f7b1325a6cd5e36e9d4c1741cffbf9e0f8af53b9ef00bdb8ea
-
SSDEEP
1536:oWTHVn5wa8TXvqHp6kzWgDaO3C54Gf3lagvHkMTafiyVDr1lVUj3jy0:oWTHVn8TXvc4O3CFvlaSED1Pqj/
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2740 1276 WerFault.exe 424d62f26707eace0cd7a2f75f07b636.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
424d62f26707eace0cd7a2f75f07b636.exedescription pid process target process PID 1276 wrote to memory of 2740 1276 424d62f26707eace0cd7a2f75f07b636.exe WerFault.exe PID 1276 wrote to memory of 2740 1276 424d62f26707eace0cd7a2f75f07b636.exe WerFault.exe PID 1276 wrote to memory of 2740 1276 424d62f26707eace0cd7a2f75f07b636.exe WerFault.exe PID 1276 wrote to memory of 2740 1276 424d62f26707eace0cd7a2f75f07b636.exe WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\424d62f26707eace0cd7a2f75f07b636.exe"C:\Users\Admin\AppData\Local\Temp\424d62f26707eace0cd7a2f75f07b636.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1276 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 8202⤵
- Program crash
PID:2740