netsupport | d1ce40fcb8cfe878b44fbf8d377fbafbe970d8a39cf7f5573dca9e1053cd5943

Analysis

max time kernel
93s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 13:47

Target

2024-04-09_b70ac6be4fae5d92ec7d0b315b36d2a9_mafia.exe
Size

3.0MB
MD5

b70ac6be4fae5d92ec7d0b315b36d2a9
SHA1

f7230fea2a792c9161336af8705ee182d8c8980c
SHA256

d1ce40fcb8cfe878b44fbf8d377fbafbe970d8a39cf7f5573dca9e1053cd5943
SHA512

89a1a362c786747f43965a0cb4cff549d06752dd5ecabed6799b3235ae9ba29498361a7df4770225906f2ce9713f25c776fd5a0f25b83bbfd35154dc9a7bb258
SSDEEP

24576:6UrkVwpQWecZyhfG+SvDZioocsygYhFFa0UwekqcsBh9aUg:9rkOpZeHfG+S7Z3o/ygYhFl96csBh9pg

Score

10^/10

netsupport rat

NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
rat netsupport

Program crash 3 IoCs

pid	pid_target	Process	procid_target
4500	4616	WerFault.exe	85
3704	4616	WerFault.exe	85
992	4616	WerFault.exe	85

C:\Users\Admin\AppData\Local\Temp\2024-04-09_b70ac6be4fae5d92ec7d0b315b36d2a9_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-09_b70ac6be4fae5d92ec7d0b315b36d2a9_mafia.exe"
1⤵
PID:4616
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 944
  2⤵
  - Program crash
  PID:4500
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 952
  2⤵
  - Program crash
  PID:3704
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 888
  2⤵
  - Program crash
  PID:992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4616 -ip 4616
1⤵
PID:3956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4616 -ip 4616
1⤵
PID:1820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4616 -ip 4616
1⤵
PID:3928