Analysis
max time kernel: 155s
max time network: 163s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 17:01
Behavioral task
behavioral1
Sample
75098fcc2a67552f7b460586397e28fd.exe
Resource
win7-20231215-en
windows7-x64
5 signatures
150 seconds
General
Target: 75098fcc2a67552f7b460586397e28fd.exe
Size: 80KB
MD5: 75098fcc2a67552f7b460586397e28fd
SHA1: f27e20f7e8031bdfa825642c9ce2f0f1a8ab2a21
SHA256: 7f295a18bd5eca0a4584f31fdf3d567bdfa80f6602dd5819d331f349bf4ba150
SHA512: da2021ed4a5a7927278df1f5e1e3413fbf15babcc55d4840bb6200d4c73cf8897621e9aee06e6db54095015902e21c86ba36923eb335b89ed7a613acf72a2e97
SSDEEP: 1536:+zWsWHRwXZGZjq+UCh7YEPs6+tVZuvicmEY5:+zyHR6GZjqUhnk5iiWY5
Malware Config
Signatures
Processes:
resource: behavioral2/memory/1472-0-0x0000000013150000-0x0000000013185000-memory.dmp, yara_rule: upx
resource: behavioral2/memory/1472-1-0x0000000013150000-0x0000000013185000-memory.dmp, yara_rule: upx
Program crash 1 IoCs
Processes: WerFault.exe
pid: 3424, pid_target: 1472, process: WerFault.exe, target process: 75098fcc2a67552f7b460586397e28fd.exe
Processes
C:\Users\Admin\AppData\Local\Temp\75098fcc2a67552f7b460586397e28fd.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\75098fcc2a67552f7b460586397e28fd.exe"
  PID:1472
    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 312
      - Program crash
      PID:3424
C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1472 -ip 1472
  PID:1856