Analysis
max time kernel: 92s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
submitted: 29-09-2024 04:09
Static task: static1
Behavioral task: behavioral1
Sample: 049cd03c78d36c89a2339c6945a13f9f4746adddba3083e6cc94e17bfed5b090.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 049cd03c78d36c89a2339c6945a13f9f4746adddba3083e6cc94e17bfed5b090.exe
Resource: win10v2004-20240802-en
General
Target: 049cd03c78d36c89a2339c6945a13f9f4746adddba3083e6cc94e17bfed5b090.exe
Size: 1.6MB
MD5: ec8be91b2242db0c2aee44b3fc9af853
SHA1: 27256c8c249bfd7684e0ccea729f5f446e369797
SHA256: 049cd03c78d36c89a2339c6945a13f9f4746adddba3083e6cc94e17bfed5b090
SHA512: 84117d99a0f4733e7b5d6c6526654c6ec6e3841e9b73e59bc0b199219c3051c5b6baf37d33260a7e16ef4cbdc54c1fe3bd9edce5df0af33ec98c4b1fe72a479d
SSDEEP: 24576:TCsZd5TKWxFMcN/c5M8SMUi9Grdn7SsvaMQR9TzBlh1xRO3AWCkTTl:D7TvfU+8X9GrNOsvabRblhE3ANkTTl
Malware Config
Signatures
Program crash 1 IoCs
pid: 4052
pid_target: 4016
Process: WerFault.exe
procid_target: 83
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: 049cd03c78d36c89a2339c6945a13f9f4746adddba3083e6cc94e17bfed5b090.exe
Processes
C:\Users\Admin\AppData\Local\Temp\049cd03c78d36c89a2339c6945a13f9f4746adddba3083e6cc94e17bfed5b090.exe
  "C:\Users\Admin\AppData\Local\Temp\049cd03c78d36c89a2339c6945a13f9f4746adddba3083e6cc94e17bfed5b090.exe"
  System Location Discovery: System Language Discovery
  PID: 4016
  C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 220
    Program crash
    PID: 4052
C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4016 -ip 4016
  PID: 3540