Analysis
-
max time kernel
115s -
max time network
121s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
12-09-2024 23:13
Static task
static1
Behavioral task
behavioral1
Sample
d6d22278edfc47f2ad60523dc3ef4c10N.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
d6d22278edfc47f2ad60523dc3ef4c10N.exe
Resource
win10v2004-20240802-en
General
-
Target
d6d22278edfc47f2ad60523dc3ef4c10N.exe
-
Size
325KB
-
MD5
d6d22278edfc47f2ad60523dc3ef4c10
-
SHA1
57fbd2aa6acf62239b8b49a7590e50c0cb5c2554
-
SHA256
cfbbe5832ac9ea61971f7db3d541edf6fdd1929da7e5831c49a393a4d4453e89
-
SHA512
27740a77bdb47412d94ba5ff5152ca59a317d915f1e304cf4959dd5459ea77b24f9c57a4dc85159b9fdc24e20a5b45917e3da30f2e3cd1e87d80f5f2494273eb
-
SSDEEP
6144:oSCTTl1zMPg7nsyxNKGppra3BrJX9E92BymfNarPwM98SZd:7enMY7FAGp9+rbpBJNarPLSSZd
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 924 688 WerFault.exe 89 -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language d6d22278edfc47f2ad60523dc3ef4c10N.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\d6d22278edfc47f2ad60523dc3ef4c10N.exe"C:\Users\Admin\AppData\Local\Temp\d6d22278edfc47f2ad60523dc3ef4c10N.exe"1⤵
- System Location Discovery: System Language Discovery
PID:688 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 2522⤵
- Program crash
PID:924
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 688 -ip 6881⤵PID:4668
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1036,i,5469445176230119590,7931734017267321834,262144 --variations-seed-version --mojo-platform-channel-handle=3956 /prefetch:81⤵PID:4072
Network
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Request149.220.183.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request25.140.123.92.in-addr.arpaIN PTRResponse25.140.123.92.in-addr.arpaIN PTRa92-123-140-25deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request134.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request58.55.71.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request103.169.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request18.31.95.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request0.205.248.87.in-addr.arpaIN PTRResponse0.205.248.87.in-addr.arpaIN PTRhttps-87-248-205-0lgwllnwnet
-
Remote address:8.8.8.8:53Request29.243.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request240.143.123.92.in-addr.arpaIN PTRResponse240.143.123.92.in-addr.arpaIN PTRa92-123-143-240deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request2.17.178.52.in-addr.arpaIN PTRResponse
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
149.220.183.52.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
25.140.123.92.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
134.32.126.40.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
58.55.71.13.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
103.169.127.40.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
18.31.95.13.in-addr.arpa
-
71 B 116 B 1 1
DNS Request
0.205.248.87.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
29.243.111.52.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
240.143.123.92.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
2.17.178.52.in-addr.arpa