netsupport | 52236b70ee408ddd63617d52aa1bb187fb9dbf79004ab6a71ed33057718dbbdf

Analysis

max time kernel
93s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 22:41

Target

2024-07-01_21ce08b0c81a50829ac2ff9cfe813926_mafia.exe
Size

3.0MB
MD5

21ce08b0c81a50829ac2ff9cfe813926
SHA1

8be6ee76504f2dcb2001c76f61bfd6fedf71aa1d
SHA256

52236b70ee408ddd63617d52aa1bb187fb9dbf79004ab6a71ed33057718dbbdf
SHA512

17838d8371d6de0aa14da3b3acf0335fffdeef280e700ef739aeaf5bb956f7f62940cc2a8f5909be57c46b7879e64b275f962e0fb9724296904a07590457ab57
SSDEEP

24576:rUrkVwpQWecZyhfG+SvDZioocsygYhFFa0UwekqcRah9aNJ:wrkOpZeHfG+S7Z3o/ygYhFl96cRah9IJ

Score

10^/10

netsupport rat

NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
rat netsupport

Program crash 3 IoCs

pid	pid_target	Process	procid_target
4656	2380	WerFault.exe	80
5096	2380	WerFault.exe	80
4476	2380	WerFault.exe	80

C:\Users\Admin\AppData\Local\Temp\2024-07-01_21ce08b0c81a50829ac2ff9cfe813926_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-01_21ce08b0c81a50829ac2ff9cfe813926_mafia.exe"
1⤵
PID:2380
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 932
  2⤵
  - Program crash
  PID:4656
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 940
  2⤵
  - Program crash
  PID:5096
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 956
  2⤵
  - Program crash
  PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2380 -ip 2380
1⤵
PID:4436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2380 -ip 2380
1⤵
PID:1544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2380 -ip 2380
1⤵
PID:3524