43ee56d9325525f211d0b7176e842d8feec0b6a64a7c0ac1bcbc5ed246f53251

Analysis

max time kernel
94s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 14:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlitzedGrabberV12-main/resources/UltraEmbeddable.exe
Size

465KB
MD5

b6b77d0798d39d7fadd69784c4e47c30
SHA1

967af699bd9e0f2f20b0743323e5cdd6c3767ea2
SHA256

e5c9880090d757207a5cd373f5e1d20c42d7486c742b3a30a2ee741a7aef5ef8
SHA512

5140dcebbeb53c8e74364de824d78d6c5fddcfa08f0ac38ff0d898e71bf4f8630f3b529571a7f64be00981e83af7f85a9b6665aedfaf7f0720995fae8a8e28d6
SSDEEP

12288:MXUNgkAIMflOWTUpGY5ObqRKd6G2nHVxxd/2KO:QUNdJMNOWTUQveYd6fHnxsKO

Score

3^/10

discovery

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2288 2668 WerFault.exe UltraEmbeddable.exe
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

UltraEmbeddable.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language UltraEmbeddable.exe

pid	pid_target	process	target process
2288	2668	WerFault.exe	UltraEmbeddable.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UltraEmbeddable.exe

C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\resources\UltraEmbeddable.exe
"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\resources\UltraEmbeddable.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2668
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 868
  2⤵
  - Program crash
  PID:2288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2668 -ip 2668
1⤵
PID:948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2668-0-0x0000000074E0E000-0x0000000074E0F000-memory.dmp

Filesize
4KB

Download
memory/2668-1-0x0000000000680000-0x00000000006FA000-memory.dmp

Filesize
488KB

Download