Malware Analysis Report

2024-09-11 07:33

Sample ID 240613-zgdnqazclb
Target 0ad508af0bf28ccea5b05b040add11814ca737c6156c7f9f9f65cf524d47df6f
SHA256 0ad508af0bf28ccea5b05b040add11814ca737c6156c7f9f9f65cf524d47df6f
Tags
score
3/10


Analysis Overview

score
3/10

SHA256

0ad508af0bf28ccea5b05b040add11814ca737c6156c7f9f9f65cf524d47df6f

Threat Level: Likely benign

The file 0ad508af0bf28ccea5b05b040add11814ca737c6156c7f9f9f65cf524d47df6f was found to be: Likely benign.

Malicious Activity Summary

Unsigned PE

Program crash

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 20:41

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 20:41

Reported

2024-06-13 20:43

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0ad508af0bf28ccea5b05b040add11814ca737c6156c7f9f9f65cf524d47df6f.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\0ad508af0bf28ccea5b05b040add11814ca737c6156c7f9f9f65cf524d47df6f.exe

"C:\Users\Admin\AppData\Local\Temp\0ad508af0bf28ccea5b05b040add11814ca737c6156c7f9f9f65cf524d47df6f.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4880 -ip 4880

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 388

Network

Country  Destination   Domain                     Proto
US       8.8.8.8:53    stronggemateraislw.shop    udp
US       8.8.8.8:53    distincttangyflippan.shop  udp
US       8.8.8.8:53    macabrecondfucews.shop     udp

Files

memory/4880-1-0x0000000002570000-0x0000000002670000-memory.dmp

memory/4880-3-0x0000000000400000-0x000000000045B000-memory.dmp

memory/4880-2-0x00000000024F0000-0x0000000002540000-memory.dmp

memory/4880-4-0x0000000000400000-0x000000000238C000-memory.dmp

memory/4880-6-0x0000000002570000-0x0000000002670000-memory.dmp

memory/4880-7-0x0000000000400000-0x000000000045B000-memory.dmp

memory/4880-9-0x0000000000400000-0x000000000045B000-memory.dmp

memory/4880-8-0x0000000000400000-0x000000000238C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 20:41

Reported

2024-06-13 20:43

Platform

win11-20240611-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0ad508af0bf28ccea5b05b040add11814ca737c6156c7f9f9f65cf524d47df6f.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\0ad508af0bf28ccea5b05b040add11814ca737c6156c7f9f9f65cf524d47df6f.exe

"C:\Users\Admin\AppData\Local\Temp\0ad508af0bf28ccea5b05b040add11814ca737c6156c7f9f9f65cf524d47df6f.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2360 -ip 2360

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 400

Network

Country  Destination          Domain                          Proto
US       8.8.8.8:53           stronggemateraislw.shop         udp
US       104.21.6.148:443     stronggemateraislw.shop         tcp
US       8.8.8.8:53           148.6.21.104.in-addr.arpa       udp
US       172.67.221.10:443    distincttangyflippan.shop       tcp
US       104.21.1.23:443      macabrecondfucews.shop          tcp
US       172.67.173.64:443    greentastellesqwm.shop          tcp
US       172.67.198.233:443   stickyyummyskiwffe.shop         tcp
US       104.21.52.210:443    sturdyregularrmsnhw.shop        tcp
US       172.67.144.236:443   lamentablegapingkwaq.shop       tcp
US       8.8.8.8:53           210.52.21.104.in-addr.arpa      udp
US       104.21.79.21:443     innerverdanytiresw.shop         tcp
US       104.21.9.31:443      standingcomperewhitwo.shop      tcp

Files

memory/2360-1-0x00000000025C0000-0x00000000026C0000-memory.dmp

memory/2360-2-0x00000000040F0000-0x0000000004140000-memory.dmp

memory/2360-3-0x0000000000400000-0x000000000045B000-memory.dmp

memory/2360-6-0x0000000000400000-0x000000000045B000-memory.dmp

memory/2360-5-0x00000000040F0000-0x0000000004140000-memory.dmp

memory/2360-4-0x0000000000400000-0x000000000238C000-memory.dmp