Analysis
- max time kernel: 140s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 26/12/2023, 23:50
Behavioral task behavioral1
- Sample: 9728d6fe6c196833a2cf8f6f52841b27.exe
- Resource: win7-20231215-en
Behavioral task behavioral2
- Sample: 9728d6fe6c196833a2cf8f6f52841b27.exe
- Resource: win10v2004-20231215-en
General
- Target: 9728d6fe6c196833a2cf8f6f52841b27.exe
- Size: 65KB
- MD5: 9728d6fe6c196833a2cf8f6f52841b27
- SHA1: 9e425ca000a7feb52fc884955664cca1f66c2421
- SHA256: 04b3a838c52e5a749414192858ea8b9ffd1670bdb5bb2a95263e55a3a10ab8cd
- SHA512: 4ae1585e6cb0e49dabd336b995332325b0a90a753c84b55334a1a82447e05b3c185257ce8b2aedbac2944f52bc1b5ffa39cccbf3c12f80c1d66ef31fdfaa304e
- SSDEEP: 768:Aem1Sq4NQErBsH1tzoisBKQI6dObAG/dq8uW29Ifnca/yyR+P2ujfKiZKPA+7Xon:4sq+QV4rObAdXWpf/yi7ozNwiC4X
Malware Config
Signatures
- Detect XtremeRAT payload (1 IoCs)
  resource                                                                   | yara_rule
  behavioral1/memory/2212-0-0x0000000010000000-0x000000001004A000-memory.dmp | family_xtremerat
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Program crash (1 IoCs)
  pid  | pid_target | Process
  2228 | 2212       | WerFault.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                     | pid  | Process                              | procid_target
  PID 2212 wrote to memory of 2228 | 2212 | 9728d6fe6c196833a2cf8f6f52841b27.exe | 16
  PID 2212 wrote to memory of 2228 | 2212 | 9728d6fe6c196833a2cf8f6f52841b27.exe | 16
  PID 2212 wrote to memory of 2228 | 2212 | 9728d6fe6c196833a2cf8f6f52841b27.exe | 16
  PID 2212 wrote to memory of 2228 | 2212 | 9728d6fe6c196833a2cf8f6f52841b27.exe | 16
Processes
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 160
  Signature: Program crash
  PID: 2228
- C:\Users\Admin\AppData\Local\Temp\9728d6fe6c196833a2cf8f6f52841b27.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\9728d6fe6c196833a2cf8f6f52841b27.exe"
  Signature: Suspicious use of WriteProcessMemory
  PID: 2212