Overview
overview 10
Static
static 10
Testing/EA...le.exe windows7-x64 3
Testing/EA...le.exe windows10-2004-x64 3
Testing/EA...config windows7-x64 3
Testing/EA...config windows10-2004-x64 3
Testing/EA...le.pdb windows7-x64 3
Testing/EA...le.pdb windows10-2004-x64 3
Testing/Un...37.dll windows7-x64 1
Testing/Un...37.dll windows10-2004-x64 1
Analysis
- max time kernel: 16s
- max time network: 16s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 10-09-2024 17:42
Behavioral task behavioral1: Sample Testing/EAX Console.exe; Resource win7-20240708-en
Behavioral task behavioral2: Sample Testing/EAX Console.exe; Resource win10v2004-20240802-en
Behavioral task behavioral3: Sample Testing/EAX Console.exe.config; Resource win7-20240903-en
Behavioral task behavioral4: Sample Testing/EAX Console.exe.config; Resource win10v2004-20240802-en
Behavioral task behavioral5: Sample Testing/EAX Console.pdb; Resource win7-20240903-en
Behavioral task behavioral6: Sample Testing/EAX Console.pdb; Resource win10v2004-20240802-en
Behavioral task behavioral7: Sample Testing/Unconfirmed 757437.dll; Resource win7-20240903-en
Behavioral task behavioral8: Sample Testing/Unconfirmed 757437.dll; Resource win10v2004-20240802-en
General
- Target: Testing/EAX Console.exe
- Size: 64KB
- MD5: f6f079a2d265f5b5db3f5b80b1b0ca2d
- SHA1: 4124af9c2a1e96af3a652c521bb3cb8137d71614
- SHA256: 846d613708c1455f40fd93345aec0e05f344c586e7bc150850c46f65c4b26d79
- SHA512: f159959a62b9151a93f9d5fe2e226416404217560299a746dcbdb2c39c6cc94e01e74ad72cf14e6246e211fa2e7fd1d1233cad149b067af086fe167e23167b85
- SSDEEP: 1536:XvPvls2TPEld7qIe/iaQwJOi0GmNKh56aQwJOiw:XvPvZT873O/Qr5rKh9QrF
Malware Config
Signatures
Program crash (1 IoCs)
- pid: 2216; pid_target: 1056; Process: WerFault.exe; procid_target: 27

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
- description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; Process: EAX Console.exe

Suspicious use of WriteProcessMemory (4 IoCs)
- description: PID 1056 wrote to memory of 2216; pid: 1056; Process: EAX Console.exe; procid_target: 28
- description: PID 1056 wrote to memory of 2216; pid: 1056; Process: EAX Console.exe; procid_target: 28
- description: PID 1056 wrote to memory of 2216; pid: 1056; Process: EAX Console.exe; procid_target: 28
- description: PID 1056 wrote to memory of 2216; pid: 1056; Process: EAX Console.exe; procid_target: 28
Processes
- C:\Users\Admin\AppData\Local\Temp\Testing\EAX Console.exe
  "C:\Users\Admin\AppData\Local\Temp\Testing\EAX Console.exe"
  PID: 1056
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 636
    PID: 2216
    - Program crash