Analysis
-
max time kernel
140s -
max time network
110s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
23-10-2024 12:29
Behavioral task
behavioral1
Sample
2828-0-0x00000000009C0000-0x000000000106B000-memory.exe
Resource
win7-20240903-en
windows7-x64
4 signatures
150 seconds
General
-
Target
2828-0-0x00000000009C0000-0x000000000106B000-memory.exe
-
Size
6.7MB
-
MD5
f727fcd30ea18fd5ebe45622e1e364c1
-
SHA1
7b830abac406fc79f1fcc10b2362b76df72843d1
-
SHA256
e36e58e85760dff0195b2dd5afad732e924713b503f25348f97ed9caba0cf661
-
SHA512
f1c7058ce38ebc21ee39e3539929def9ecdd080fb162543323bc838de8285cb620d35f31f1d963a0b0573c0da24e61fa65c271f3c5fa0665d3cf8b5ae905b65d
-
SSDEEP
6144:e6/llAoOx+WsZijvLNPOF3Tpn+e91RqTokJKzFGZq:plAouycR2j+cYTx
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 724 4992 WerFault.exe 2828-0-0x00000000009C0000-0x000000000106B000-memory.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
2828-0-0x00000000009C0000-0x000000000106B000-memory.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2828-0-0x00000000009C0000-0x000000000106B000-memory.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2828-0-0x00000000009C0000-0x000000000106B000-memory.exe"C:\Users\Admin\AppData\Local\Temp\2828-0-0x00000000009C0000-0x000000000106B000-memory.exe"1⤵
- System Location Discovery: System Language Discovery
PID:4992 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 2242⤵
- Program crash
PID:724
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4992 -ip 49921⤵PID:3528