Analysis
-
max time kernel
118s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
09-08-2024 22:50
Behavioral task
behavioral1
Sample
PCPS (1).exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
PCPS (1).exe
Resource
win10v2004-20240802-en
General
-
Target
PCPS (1).exe
-
Size
2.8MB
-
MD5
483da837d70e72105520ea82033c49ff
-
SHA1
4339212b959c1ead23bb5cc31dcf12736ee3e1d4
-
SHA256
d9f553bfe5254e734f2c687a69d9a61f082b87c74fc03af1a51dff715a6d7e9d
-
SHA512
1501cef6c13fd7285749b27ff1f1cb7bcbd4e75543eb3b3d78da649c3603028731b361a24d724d68dc41737e550ac826baf829806a69d7a90366e1768a58d23f
-
SSDEEP
49152:B3+xTCM1oVeG0kGj/esU462SJJm0tjRU+hT9Lgr84zMG8qK7kyjF3U4RRGef++fd:BLGefGh
Malware Config
Signatures
-
Loads dropped DLL 3 IoCs
Processes:
PCPS (1).exepid process 852 PCPS (1).exe 852 PCPS (1).exe 852 PCPS (1).exe -
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 1696 852 WerFault.exe PCPS (1).exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
PCPS (1).exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language PCPS (1).exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
PCPS (1).exedescription pid process target process PID 852 wrote to memory of 1696 852 PCPS (1).exe WerFault.exe PID 852 wrote to memory of 1696 852 PCPS (1).exe WerFault.exe PID 852 wrote to memory of 1696 852 PCPS (1).exe WerFault.exe PID 852 wrote to memory of 1696 852 PCPS (1).exe WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\PCPS (1).exe"C:\Users\Admin\AppData\Local\Temp\PCPS (1).exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:852 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 6842⤵
- Program crash
PID:1696
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
69KB
MD545fa4315c7631b828e2871db89b3df27
SHA1f34f3a5344abbb67a21348be9eaeba7831c7333e
SHA256e580ca9c0382a8663d6bdff6e53802bd73fa8a71689d7f38521ca02269775a58
SHA5121dd74a83b0435674d61e0e752e3d671334970fd7d235203faf1791c67965eee2324a7dd18e03be575138d3c3639d106534a084c3f9a78d37ff4ff77ead4cfd96