Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 21-11-2024 19:34
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 0791c43de42272d1f5eb20ee67b0ad4194e2bb8f00975aa906605d8cd0c4c6a4.exe
  - Resource: win7-20240903-en
Behavioral task
- behavioral2
  - Sample: 0791c43de42272d1f5eb20ee67b0ad4194e2bb8f00975aa906605d8cd0c4c6a4.exe
  - Resource: win10v2004-20241007-en
Behavioral task
- behavioral3
  - Sample: jjhluxw.exe
  - Resource: win7-20240903-en
Behavioral task
- behavioral4
  - Sample: jjhluxw.exe
  - Resource: win10v2004-20241007-en
General
- Target: jjhluxw.exe
- Size: 108KB
- MD5: 5f16ae72eb6fbd3040d5d3c18c5ac304
- SHA1: 4e1604b5e763aa9f336996c75cb3e8436f16850f
- SHA256: 3b22459608be3d78066a25fdf807f6628de79c01799cd5e03095c2ae996bca16
- SHA512: 7ca61d0f536638094b67f8c7b12ab5ff4d234299f2365ab9cd7de78bd1d257195b6c112039761e2620a597a65d59cfd856790db075bef6d69afdaeb35d49286d
- SSDEEP: 3072:Mgke83whBLmHr9x5FKEY8Hs+k3d0Ge4NStHywRR+NwX3:MgwA0rGEY0AWRV3
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes:
  pid  | pid_target | process      | target process
  2936 | 2192       | WerFault.exe | jjhluxw.exe
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim host in order to infer that host's geographical location.
  Processes:
  description | ioc                                                         | process
  Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | jjhluxw.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes:
  description                        | pid  | process     | target process
  PID 2192 wrote to memory of 2936   | 2192 | jjhluxw.exe | WerFault.exe
  PID 2192 wrote to memory of 2936   | 2192 | jjhluxw.exe | WerFault.exe
  PID 2192 wrote to memory of 2936   | 2192 | jjhluxw.exe | WerFault.exe
  PID 2192 wrote to memory of 2936   | 2192 | jjhluxw.exe | WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\jjhluxw.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\jjhluxw.exe"
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID: 2192
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 180
    - Program crash
    PID: 2936