b372521f69e73b129dc69b1b81ceb5ba8964a81a7feaf136002ed0d3b1de5638

Analysis

max time kernel
95s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2024, 15:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

FlashP26/FlashP2.exe
Size

750KB
MD5

3671b90515652d90f81b57c8ea73d32d
SHA1

4fad2a5060249ef8bca8adde2ebb8e979e4374ec
SHA256

6500782bf71d6cbfc0ed83f3eb0f2a17b06c6af351fa155774dcd7b2483dda70
SHA512

4d6fafd78e146cb81b2383bdf0faadbfff7333ddb4148d270026317266f2cd73f36be3fd59b821d9c6b536962f1bfd228e82b2972bd1a024272b4a259828df53
SSDEEP

12288:+/GlhLYinCRKy5oIP9ts3o0v02yF3Z4mxxhnRXjx2mXqvIwxeAxvb2:+/oLYi6Ky55Ohv02yQmXhnXrXqIwxfva

Score

3^/10

discovery

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
436	4872	WerFault.exe	82

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FlashP2.exe

C:\Users\Admin\AppData\Local\Temp\FlashP26\FlashP2.exe
"C:\Users\Admin\AppData\Local\Temp\FlashP26\FlashP2.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4872
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 768
  2⤵
  - Program crash
  PID:436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4872 -ip 4872
1⤵
PID:4064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4872-0-0x0000000000400000-0x000000000056F000-memory.dmp

Filesize
1.4MB

Download
memory/4872-1-0x0000000002320000-0x0000000002374000-memory.dmp

Filesize
336KB

Download
memory/4872-2-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/4872-12-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4872-39-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/4872-51-0x0000000003530000-0x0000000003531000-memory.dmp

Filesize
4KB

Download
memory/4872-50-0x0000000003530000-0x0000000003531000-memory.dmp

Filesize
4KB

Download
memory/4872-49-0x0000000003530000-0x0000000003531000-memory.dmp

Filesize
4KB

Download
memory/4872-48-0x0000000003530000-0x0000000003531000-memory.dmp

Filesize
4KB

Download
memory/4872-47-0x0000000003530000-0x0000000003531000-memory.dmp

Filesize
4KB

Download
memory/4872-46-0x0000000003530000-0x0000000003531000-memory.dmp

Filesize
4KB

Download
memory/4872-45-0x0000000003530000-0x0000000003531000-memory.dmp

Filesize
4KB

Download
memory/4872-52-0x0000000003530000-0x0000000003532000-memory.dmp

Filesize
8KB

Download
memory/4872-44-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4872-43-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4872-42-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4872-41-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4872-40-0x0000000002650000-0x0000000002651000-memory.dmp

Filesize
4KB

Download
memory/4872-38-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/4872-37-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/4872-36-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/4872-35-0x0000000003530000-0x0000000003531000-memory.dmp

Filesize
4KB

Download
memory/4872-34-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/4872-33-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/4872-32-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/4872-31-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/4872-30-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/4872-29-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/4872-28-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/4872-27-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/4872-26-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/4872-53-0x0000000000400000-0x000000000056F000-memory.dmp

Filesize
1.4MB

Download
memory/4872-25-0x0000000003530000-0x0000000003531000-memory.dmp

Filesize
4KB

Download
memory/4872-56-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/4872-55-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/4872-54-0x0000000003520000-0x0000000003523000-memory.dmp

Filesize
12KB

Download
memory/4872-24-0x0000000003530000-0x0000000003531000-memory.dmp

Filesize
4KB

Download
memory/4872-57-0x0000000002320000-0x0000000002374000-memory.dmp

Filesize
336KB

Download
memory/4872-23-0x0000000003530000-0x0000000003531000-memory.dmp

Filesize
4KB

Download
memory/4872-22-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4872-21-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4872-20-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4872-19-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4872-18-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4872-17-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4872-16-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4872-15-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4872-14-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4872-13-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4872-11-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/4872-10-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4872-9-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4872-8-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/4872-7-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/4872-6-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/4872-5-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/4872-4-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/4872-3-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/4872-58-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4872-59-0x0000000003530000-0x0000000003531000-memory.dmp

Filesize
4KB

Download
memory/4872-60-0x0000000000400000-0x000000000056F000-memory.dmp

Filesize
1.4MB

Download