resource	yara_rule
behavioral1/memory/2448-65-0x000001A72F8C0000-0x000001A7330F4000-memory.dmp	family_zgrat_v1
behavioral1/memory/2448-66-0x000001A74E7A0000-0x000001A74E8AA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2448-70-0x000001A74E630000-0x000001A74E654000-memory.dmp	family_zgrat_v1

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	ec9955db0e61093b92486cf30fe05682f64e97f698283d88c6df88540dd24e82.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	u19o.1.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	u19o.1.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	u19o.1.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	u19o.1.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	u19o.0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	u19o.0.exe

pid	Process
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2448	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
632	u19o.0.exe
632	u19o.0.exe

pid	Process
1328	u19o.1.exe
1328	u19o.1.exe
1328	u19o.1.exe
1328	u19o.1.exe
1328	u19o.1.exe
1328	u19o.1.exe
1328	u19o.1.exe

description	pid	Process	procid_target
PID 1644 wrote to memory of 632	1644	ec9955db0e61093b92486cf30fe05682f64e97f698283d88c6df88540dd24e82.exe	93
PID 1644 wrote to memory of 632	1644	ec9955db0e61093b92486cf30fe05682f64e97f698283d88c6df88540dd24e82.exe	93
PID 1644 wrote to memory of 632	1644	ec9955db0e61093b92486cf30fe05682f64e97f698283d88c6df88540dd24e82.exe	93
PID 1644 wrote to memory of 1328	1644	ec9955db0e61093b92486cf30fe05682f64e97f698283d88c6df88540dd24e82.exe	96
PID 1644 wrote to memory of 1328	1644	ec9955db0e61093b92486cf30fe05682f64e97f698283d88c6df88540dd24e82.exe	96
PID 1644 wrote to memory of 1328	1644	ec9955db0e61093b92486cf30fe05682f64e97f698283d88c6df88540dd24e82.exe	96
PID 1328 wrote to memory of 2448	1328	u19o.1.exe	102
PID 1328 wrote to memory of 2448	1328	u19o.1.exe	102

pid	pid_target	Process	procid_target
4748	1644	WerFault.exe	82
4996	632	WerFault.exe	93

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request