ed614783ecd08afb919ae4b42625beaa6c9ed4207fa4f9c925c32a16d543ee3a

Resubmissions

17/04/2024, 12:19 UTC

240417-pg5r4afh91 10

17/04/2024, 12:18 UTC

240417-pg46kaee23 10

17/04/2024, 12:18 UTC

240417-pg4j2afh9x 10

17/04/2024, 12:18 UTC

240417-pg3yhaee22 10

17/04/2024, 12:18 UTC

240417-pg1s5sfh9t 10

16/04/2024, 14:07 UTC

240416-re2nrsde5s 10

Analysis

max time kernel
208s
max time network
285s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
17/04/2024, 12:18 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed614783ecd08afb919ae4b42625beaa6c9ed4207fa4f9c925c32a16d543ee3a.exe
Size

1.3MB
MD5

40755985ba0182b59a34909770557b77
SHA1

68752dead25052420fd8e5b94c867233accad1f4
SHA256

ed614783ecd08afb919ae4b42625beaa6c9ed4207fa4f9c925c32a16d543ee3a
SHA512

788ec7a6c08ac4fb23e1489489152048c9663a3bcdebe767e3db304b5955f430c6bd06a16550b8c9c6bd5229a7cf2c5d1ca1ce6e40e1cbc0f2104d2630f7c507
SSDEEP

12288:hD0Yxtmgcj3DKjs16MKYIjhy+AC5j6vfNqi:hQYxtmiEEYIjhyQj6vfNqi

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1868	2216	WerFault.exe	79

C:\Users\Admin\AppData\Local\Temp\ed614783ecd08afb919ae4b42625beaa6c9ed4207fa4f9c925c32a16d543ee3a.exe
"C:\Users\Admin\AppData\Local\Temp\ed614783ecd08afb919ae4b42625beaa6c9ed4207fa4f9c925c32a16d543ee3a.exe"
1⤵
PID:2216
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 256
  2⤵
  - Program crash
  PID:1868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2216 -ip 2216
1⤵
PID:3408

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

self.events.data.microsoft.com

Remote address:

8.8.8.8:53

Request

self.events.data.microsoft.com

IN A

Response

self.events.data.microsoft.com

IN CNAME

self-events-data.trafficmanager.net

self-events-data.trafficmanager.net

IN CNAME

onedscolprdcus20.centralus.cloudapp.azure.com

onedscolprdcus20.centralus.cloudapp.azure.com

IN A

104.208.16.95
DNS

ctldl.windowsupdate.com

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

wu-bg-shim.trafficmanager.net

wu-bg-shim.trafficmanager.net

IN CNAME

wu.azureedge.net

wu.azureedge.net

IN CNAME

wu.ec.azureedge.net

wu.ec.azureedge.net

IN CNAME

bg.apr-52dd2-0503.edgecastdns.net

bg.apr-52dd2-0503.edgecastdns.net

IN CNAME

hlb.apr-52dd2-0.edgecastdns.net

hlb.apr-52dd2-0.edgecastdns.net

IN CNAME

cs11.wpc.v0cdn.net

cs11.wpc.v0cdn.net

IN A

93.184.221.240

No results found

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

211 B
565 B
3
3

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

self.events.data.microsoft.com

DNS Response

104.208.16.95

DNS Request

ctldl.windowsupdate.com

DNS Response

93.184.221.240

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2216-1-0x00000000054E0000-0x00000000055E0000-memory.dmp

Filesize
1024KB

Download
memory/2216-2-0x0000000005720000-0x0000000005787000-memory.dmp

Filesize
412KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.