Analysis
-
max time kernel
147s -
max time network
149s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system -
submitted
12-10-2024 07:49
General
-
Target
Stub.exe
-
Size
38KB
-
MD5
f76702fa423ce2b2b4b0fdcf547b0789
-
SHA1
ea408a4419e8a3139ef14df987608964c12d3190
-
SHA256
0e19cefba973323c234322452dfd04e318f14809375090b4f6ab39282f6ba07e
-
SHA512
03c7d8814687bb4f11ac41a555f368d89d5be749c92624073b77da0e57d872df201f2657b180ad0c9d5bc9ffa0a85989bf31374c7e5deefa06cf36bce3697971
-
SSDEEP
768:9Xaug0LrCc4d7VtOjkR26/XgNhKwEuyj67zACVyI1rXDjkY5Z07:dafSuVtOGfgTKwt3Nk7
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 5228 2888 WerFault.exe 76 -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Stub.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Stub.exe"C:\Users\Admin\AppData\Local\Temp\Stub.exe"1⤵
- System Location Discovery: System Language Discovery
PID:2888 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 7562⤵
- Program crash
PID:5228
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2888 -ip 28881⤵PID:4680