Overview
overview
10Static
static
30bbde9df88...20.exe
windows10-2004-x64
1014381f89f8...62.exe
windows10-2004-x64
101c09c6faad...a0.exe
windows7-x64
31c09c6faad...a0.exe
windows10-2004-x64
101c8308039a...16.exe
windows7-x64
31c8308039a...16.exe
windows10-2004-x64
101fe4c883d2...6d.exe
windows10-2004-x64
10234b8aa959...d8.exe
windows10-2004-x64
10410e72302d...e8.exe
windows7-x64
3410e72302d...e8.exe
windows10-2004-x64
104431aa7413...8c.exe
windows7-x64
34431aa7413...8c.exe
windows10-2004-x64
1068f997d58c...e5.exe
windows10-2004-x64
10812ce70322...27.exe
windows10-2004-x64
1088a3f8285d...ab.exe
windows10-2004-x64
1090fdeaf3f0...a8.exe
windows7-x64
390fdeaf3f0...a8.exe
windows10-2004-x64
109d92aedf9d...9d.exe
windows7-x64
39d92aedf9d...9d.exe
windows10-2004-x64
109ff2fb6bb8...32.exe
windows10-2004-x64
10ac4e2e3d9d...dd.exe
windows7-x64
3ac4e2e3d9d...dd.exe
windows10-2004-x64
10b62483116d...b6.exe
windows10-2004-x64
10c901122f00...70.exe
windows10-2004-x64
10cfda8adb75...7f.exe
windows10-2004-x64
10dfe8591c80...49.exe
windows10-2004-x64
10f5659ff4e2...ff.exe
windows10-2004-x64
10Analysis
-
max time kernel
121s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
23-05-2024 10:44
Static task
static1
Behavioral task
behavioral1
Sample
0bbde9df8818bd31a5563ee46a1512cc0d05c5d11e8469ef5c7ec394bb8ed020.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
14381f89f8b411cd75bc72635e73d8b296854b0c9775f80c2fec874a6761d562.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
1c09c6faad1ede18216df88b9d359543df5caacf810175b5e245e3e775b6b9a0.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
1c09c6faad1ede18216df88b9d359543df5caacf810175b5e245e3e775b6b9a0.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
1c8308039aad5dc9c98b1f72592672a2e272eb9b9a30430eeacea161036df416.exe
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
1c8308039aad5dc9c98b1f72592672a2e272eb9b9a30430eeacea161036df416.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
1fe4c883d2d7c8f09c5eab45d00c85339660191140f68cf11bd29f978582386d.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral8
Sample
234b8aa95903dd65d6bf32c7efe25bae41ba8582db1a5693afbd14a22bc6d4d8.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
410e72302dee0862e82d58671c8a130371c31bc22e8fb1bdd2afad927b1716e8.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
410e72302dee0862e82d58671c8a130371c31bc22e8fb1bdd2afad927b1716e8.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
4431aa7413f5833360f953b5d26f7cceefeb1dfd20705856a7c02d106943048c.exe
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
4431aa7413f5833360f953b5d26f7cceefeb1dfd20705856a7c02d106943048c.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral13
Sample
68f997d58c29b69df287c5fd2f99eed5b4f71419dba25fbff2ad5132610109e5.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral14
Sample
812ce70322ec6814a763ebe1e04731ab416e10201580d509b133509ad1ebcb27.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral15
Sample
88a3f8285d7ffaf9af9229ede24a8f6e39be8a28dd9c981808b05c11aece8bab.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral16
Sample
90fdeaf3f05a7aeef335002874bfb485026c1a161854698d5277269287138ba8.exe
Resource
win7-20240221-en
Behavioral task
behavioral17
Sample
90fdeaf3f05a7aeef335002874bfb485026c1a161854698d5277269287138ba8.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral18
Sample
9d92aedf9d3d83efd8e1d100f6dcbfc358fb8b26adeb6e51769c0e756d95b09d.exe
Resource
win7-20240508-en
Behavioral task
behavioral19
Sample
9d92aedf9d3d83efd8e1d100f6dcbfc358fb8b26adeb6e51769c0e756d95b09d.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral20
Sample
9ff2fb6bb8d4c7395ec24382b3b06db1e89b1ac0e5ceaebaba03805cbaa21532.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral21
Sample
ac4e2e3d9de1b4a0639391f365147200e1175cbe0c399b62625a5fe2ff4acedd.exe
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
ac4e2e3d9de1b4a0639391f365147200e1175cbe0c399b62625a5fe2ff4acedd.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral23
Sample
b62483116d18fcce423634c2d593e9a4337f6e491ba99627ad7d7030d97546b6.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral24
Sample
c901122f0065d9da89857ec8341cf2ffba9fd5fd9ac4717e138a6b96c776b070.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
cfda8adb7597e205b205c916dd913856ad96e83acc3a76ec0ca6f85b8cb33c7f.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral26
Sample
dfe8591c80d0895e6a0ba6ab5324840b06b4acfdc0570bbc6eea97239314ef49.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
f5659ff4e2e2c4f553f6a9f59f406907a29545e4ca9d61810be718d9619a8dff.exe
Resource
win10v2004-20240426-en
General
-
Target
9d92aedf9d3d83efd8e1d100f6dcbfc358fb8b26adeb6e51769c0e756d95b09d.exe
-
Size
265KB
-
MD5
88519b82141f0f7181ffac8bd68286c2
-
SHA1
e3034195b63516e1a09280e7c17f5f0b491c5a43
-
SHA256
9d92aedf9d3d83efd8e1d100f6dcbfc358fb8b26adeb6e51769c0e756d95b09d
-
SHA512
3010c358660acad653ae98067616036f378f1717b460fb1ddfc6589d05cc3eb8dc47958a9556244f2eb94a879d5b68c8367ec2d3b789c8d260b6e6aceba88922
-
SSDEEP
6144:ehTHgDcXDXO5TGuCPT/DYbi55VYs+6up:e5HgDcF/Us5Vup
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2748 2372 WerFault.exe 9d92aedf9d3d83efd8e1d100f6dcbfc358fb8b26adeb6e51769c0e756d95b09d.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
9d92aedf9d3d83efd8e1d100f6dcbfc358fb8b26adeb6e51769c0e756d95b09d.exedescription pid process target process PID 2372 wrote to memory of 2748 2372 9d92aedf9d3d83efd8e1d100f6dcbfc358fb8b26adeb6e51769c0e756d95b09d.exe WerFault.exe PID 2372 wrote to memory of 2748 2372 9d92aedf9d3d83efd8e1d100f6dcbfc358fb8b26adeb6e51769c0e756d95b09d.exe WerFault.exe PID 2372 wrote to memory of 2748 2372 9d92aedf9d3d83efd8e1d100f6dcbfc358fb8b26adeb6e51769c0e756d95b09d.exe WerFault.exe PID 2372 wrote to memory of 2748 2372 9d92aedf9d3d83efd8e1d100f6dcbfc358fb8b26adeb6e51769c0e756d95b09d.exe WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\9d92aedf9d3d83efd8e1d100f6dcbfc358fb8b26adeb6e51769c0e756d95b09d.exe"C:\Users\Admin\AppData\Local\Temp\9d92aedf9d3d83efd8e1d100f6dcbfc358fb8b26adeb6e51769c0e756d95b09d.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2372 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 482⤵
- Program crash
PID:2748
-