Analysis
max time kernel: 147s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/01/2024, 19:37
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: a5a32a6ee05184ac6a06b8e2097900ab.exe
Resource: win7-20231215-en
4 signatures
150 seconds
General
Target: a5a32a6ee05184ac6a06b8e2097900ab.exe
Size: 94KB
MD5: a5a32a6ee05184ac6a06b8e2097900ab
SHA1: 0d48f3a10508b57fd85dc3dd00456f8737882e8e
SHA256: 3bbde22a359e87d031d57a749ffedbed03268f435ef4982a5421f3b0df19e380
SHA512: 81f5648541e826e7a54bfb1d058cf1ca7c3c92200675d74b48e4679ac5e1bcd92beaeb1bf9656ac3a4eda68cba0c9834686ece6b1559d5643e7cec0b1474bf65
SSDEEP: 768:tEzQE2+b7B1T4t7vI2NiN+U4ZmTX7CaKf+ibj55VTQ1RBkMoas0Qz3FGnuYoEq:t235b7vkmVN+1e3c+ibV561RBhoB1Eq
Malware Config
Signatures
Loads dropped DLL (1 IoCs)
pid: 4980, Process: a5a32a6ee05184ac6a06b8e2097900ab.exe
resource: behavioral2/memory/4980-1-0x0000000000400000-0x0000000000423000-memory.dmp, yara_rule: upx
resource: behavioral2/memory/4980-8-0x0000000000400000-0x0000000000423000-memory.dmp, yara_rule: upx
Program crash (1 IoCs)
pid: 5068, pid_target: 4980, Process: WerFault.exe, procid_target: 14
Processes
C:\Users\Admin\AppData\Local\Temp\a5a32a6ee05184ac6a06b8e2097900ab.exe
"C:\Users\Admin\AppData\Local\Temp\a5a32a6ee05184ac6a06b8e2097900ab.exe"
- Loads dropped DLL
PID:4980
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 280
    - Program crash
    PID:5068
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4980 -ip 4980
PID:920