14cd4107d41d6a58c3f5af24af7a18f1b4ec06e4e4b09baf2199cdf60bc3fb47

Analysis

max time kernel
1s
max time network
41s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 21:55

Target

4487cdfd6247907fef7f7a2579e60a5e.exe
Size

791KB
MD5

4487cdfd6247907fef7f7a2579e60a5e
SHA1

7e52416b0efefd459feee191d6651a39a24cdf3a
SHA256

14cd4107d41d6a58c3f5af24af7a18f1b4ec06e4e4b09baf2199cdf60bc3fb47
SHA512

959ccf204ecefcf7afdfc5373467796c5efca1cc17e9eee4fb1cb5cb08a85c15dfed1306c3a9440b9a66bb3fee007e70edbff320e56cb61e65f1820858d538b6
SSDEEP

12288:70gVy90eHGesA35KRlj9psCtrTLTMvX1nmbkFxWJMao4pmlEbr9xk+b3K:4uyz2A35YskrvTQlmSkJzHbr/a

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2640	2884	WerFault.exe	32

C:\Users\Admin\AppData\Local\Temp\4487cdfd6247907fef7f7a2579e60a5e.exe
"C:\Users\Admin\AppData\Local\Temp\4487cdfd6247907fef7f7a2579e60a5e.exe"
1⤵
PID:4580
- C:\Users\Admin\AppData\Local\Temp\Setup.EXE
  C:\Users\Admin\AppData\Local\Temp\\Setup.EXE
  2⤵
  PID:2884
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 2452
    3⤵
    - Program crash
    PID:2640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2884 -ip 2884
1⤵
PID:4536

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact