Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/09/2024, 00:34

General

  • Target

    2024-09-19_5ad28731b2013c97947063f39738ccc5_virlock.exe

  • Size

    188KB

  • MD5

    5ad28731b2013c97947063f39738ccc5

  • SHA1

    b5ed5f68589a7d86c053a17ae51c494698b8e8af

  • SHA256

    e14a5547c4f5f6682106817b851ca118dd5d258dec81a09af0dcfbfb4ae8ff38

  • SHA512

    934601677f8a7e2ae704674cf2ec2e6289075054a41fb5070704f8d80fc81686f5b724018ac0eac731863a4a4cc7ec6b5d2392d06fa144e9ea32b325a65c0469

  • SSDEEP

    3072:9+ByLKf054c0S16gFvV71gv1b9VBxg1cOgHR+xn1vzRL7gKhtv3EQQQQQQQQQQQF:/LEFVBxo53v9LcwF3EQQQQQQQQQQQQkd

Score
3/10

Malware Config

Signatures

  • Program crash 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-19_5ad28731b2013c97947063f39738ccc5_virlock.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-19_5ad28731b2013c97947063f39738ccc5_virlock.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1156
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 224
      2⤵
      • Program crash
      PID:4344
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 244
      2⤵
      • Program crash
      PID:4324
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 284
      2⤵
      • Program crash
      PID:4192
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1156 -ip 1156
    1⤵
    PID:920
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1156 -ip 1156
    1⤵
    PID:2844
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1156 -ip 1156
    1⤵
    PID:2768

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/1156-0-0x0000000000400000-0x0000000000430000-memory.dmp
    Filesize
    192KB
  • memory/1156-1-0x0000000000400000-0x0000000000430000-memory.dmp
    Filesize
    192KB