Analysis

  • max time kernel
    134s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-10-2024 08:35

General

  • Target

    PsfLauncher32.exe

  • Size

    302KB

  • MD5

    e005414b82df848717581bd260725b02

  • SHA1

    6ad75f8152617858d463f36cf4b2ce432e0ad4df

  • SHA256

    312bd304860f9865ed4073f5baffde8df9907a1ebfedd2d1d637ab48db3ca004

  • SHA512

    be3d06d2049551e2d5acc3232c6d520236747d53dc49e388c6e616d1f7e1f6f7b6338a4e743773f5461589f2325a8a722af023009cc709f076f51e418382b562

  • SSDEEP

    6144:Z85jcjnYXSFt8NUBtirDpOzF2akGcoRJKCNWcWAOEOrCng:Z85jedFtOdEF2asjnzrag

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\PsfLauncher32.exe
    "C:\Users\Admin\AppData\Local\Temp\PsfLauncher32.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1628
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 580
      2⤵
      • Program crash
      PID:3252
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1628 -ip 1628
    1⤵
      PID:1360
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4616,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=1008 /prefetch:8
      1⤵
        PID:2184

      Network

      • flag-us
        DNS
        8.8.8.8.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        8.8.8.8.in-addr.arpa
        IN PTR
        Response
        8.8.8.8.in-addr.arpa
        IN PTR
        dnsgoogle
      • flag-us
        DNS
        97.17.167.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        97.17.167.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        140.32.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        140.32.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        232.168.11.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        232.168.11.51.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        53.210.109.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        53.210.109.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        18.31.95.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.31.95.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        21.236.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        21.236.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        172.214.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.214.232.199.in-addr.arpa
        IN PTR
        Response
      No results found
      • 8.8.8.8:53
        8.8.8.8.in-addr.arpa
        dns
        66 B
        90 B
        1
        1

        DNS Request

        8.8.8.8.in-addr.arpa

      • 8.8.8.8:53
        97.17.167.52.in-addr.arpa
        dns
        71 B
        145 B
        1
        1

        DNS Request

        97.17.167.52.in-addr.arpa

      • 8.8.8.8:53
        140.32.126.40.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        140.32.126.40.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
        144 B
        1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        232.168.11.51.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        232.168.11.51.in-addr.arpa

      • 8.8.8.8:53
        53.210.109.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        53.210.109.20.in-addr.arpa

      • 8.8.8.8:53
        18.31.95.13.in-addr.arpa
        dns
        70 B
        144 B
        1
        1

        DNS Request

        18.31.95.13.in-addr.arpa

      • 8.8.8.8:53
        21.236.111.52.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        21.236.111.52.in-addr.arpa

      • 8.8.8.8:53
        172.214.232.199.in-addr.arpa
        dns
        74 B
        128 B
        1
        1

        DNS Request

        172.214.232.199.in-addr.arpa

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.