Analysis
max time kernel: 142s
max time network: 124s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 02-02-2024 15:04
Behavioral task: behavioral1
Sample: 89d2a51b87f8f8d0df3cb6af9b022a9a.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 89d2a51b87f8f8d0df3cb6af9b022a9a.exe
Resource: win10v2004-20231222-en
General
Target: 89d2a51b87f8f8d0df3cb6af9b022a9a.exe
Size: 65KB
MD5: 89d2a51b87f8f8d0df3cb6af9b022a9a
SHA1: 39f9f3b34f61b80c9e8e6d967397b6acc9ce9b61
SHA256: a5ab3c391548b6ee57853dcee8c01fbbb7a19755a83bf3ec95f94cea85ee60b5
SHA512: 52583a2c3e689ad3eaf6f2cd07a1ba14d35ddde79cd2dc114665b191adfe7022cc326e28075147f55338b3f431f766e3bbb4c2d335953f8188ddb27535e5ca71
SSDEEP: 768:T8m1Sq4NQErBNH1tzoisBKQI6dObAG/dq8uW29Ifnch/yyR+P2ujfpihKPAB7Xod:rsq+Qi4rObAdXWpfgyBjoKNwiVo6aO
Malware Config
Signatures

Detect XtremeRAT payload (1 IoC)
Processes:
  resource                                                                         yara_rule
  behavioral1/memory/2804-0-0x0000000010000000-0x000000001004A000-memory.dmp       family_xtremerat

XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

Program crash (1 IoC)
Processes:
  Process        pid     pid_target   procid_target
  WerFault.exe   2808    2804         27

Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
  description                          pid     Process                                   procid_target
  PID 2804 wrote to memory of 2808     2804    89d2a51b87f8f8d0df3cb6af9b022a9a.exe      28
  PID 2804 wrote to memory of 2808     2804    89d2a51b87f8f8d0df3cb6af9b022a9a.exe      28
  PID 2804 wrote to memory of 2808     2804    89d2a51b87f8f8d0df3cb6af9b022a9a.exe      28
  PID 2804 wrote to memory of 2808     2804    89d2a51b87f8f8d0df3cb6af9b022a9a.exe      28
Processes
C:\Users\Admin\AppData\Local\Temp\89d2a51b87f8f8d0df3cb6af9b022a9a.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\89d2a51b87f8f8d0df3cb6af9b022a9a.exe"
  Signature: Suspicious use of WriteProcessMemory
  PID: 2804
    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 160
      Signature: Program crash
      PID: 2808