Analysis
-
max time kernel
96s -
max time network
133s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
25/09/2024, 02:03
Static task
static1
Behavioral task
behavioral1
Sample
80af903be8ac173fdc5f6029272c4af8c907e97bfa7d32fb40e0b1c3b984cd47.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
80af903be8ac173fdc5f6029272c4af8c907e97bfa7d32fb40e0b1c3b984cd47.exe
Resource
win10v2004-20240802-en
General
-
Target
80af903be8ac173fdc5f6029272c4af8c907e97bfa7d32fb40e0b1c3b984cd47.exe
-
Size
840KB
-
MD5
843c5df4d614993bf87d4c93f67dedad
-
SHA1
9a0c5bdca8d1859ae1621acaa0f94e2ff4daa2e9
-
SHA256
80af903be8ac173fdc5f6029272c4af8c907e97bfa7d32fb40e0b1c3b984cd47
-
SHA512
5d40e9d4b017d8a56ee0d4e313f9c47280cff00cb7c11b40812a6479dd08b79767e552970fdafe13f8c435e51184a1d28d15f1624f22131cc82be0fa14a53c4c
-
SSDEEP
6144:O5l8Psn+5S+Macf/sCimmw9Xqp/AT/ykKOnCYfE6Se0puU/WEBpLla2isxPi11:Kl8PsH+MacnQp/ATKkKBb6Se0NrpYs
Malware Config
Signatures
-
Program crash 2 IoCs
pid pid_target Process procid_target 1516 5036 WerFault.exe 81 4820 5036 WerFault.exe 81 -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 80af903be8ac173fdc5f6029272c4af8c907e97bfa7d32fb40e0b1c3b984cd47.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\80af903be8ac173fdc5f6029272c4af8c907e97bfa7d32fb40e0b1c3b984cd47.exe"C:\Users\Admin\AppData\Local\Temp\80af903be8ac173fdc5f6029272c4af8c907e97bfa7d32fb40e0b1c3b984cd47.exe"1⤵
- System Location Discovery: System Language Discovery
PID:5036 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 2482⤵
- Program crash
PID:1516
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 2482⤵
- Program crash
PID:4820
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5036 -ip 50361⤵PID:3868
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5036 -ip 50361⤵PID:1548