550cf8cbf46e4d30fcb907a1e094b969fb1c2505b8fb8ef1655dd5b1fc912b17

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2024 04:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

550cf8cbf46e4d30fcb907a1e094b969fb1c2505b8fb8ef1655dd5b1fc912b17.exe
Size

49KB
MD5

af7e2d3bb8c8ea7be35ce85937585284
SHA1

ef0db0a2c80365dea94e7661dee0c8eb4dd0eb67
SHA256

550cf8cbf46e4d30fcb907a1e094b969fb1c2505b8fb8ef1655dd5b1fc912b17
SHA512

e3097f59ea960bc3bd2bbe2d89dc9bcb1273d088dd45877d77bb178b71eed89b595a2f53dc1cf0c47f2b31dc308693bd937e159957ba31949795c2fbac52710d
SSDEEP

768:e+spHUQaFMVNxyAwcn4mLAHUnzBPY33kbw/qhDnfQF/GSO+YwWC8RuYN5gx:pkCUh4mU0zBPY3UbSqNnfE/Gtyh6Hgx

Score

3^/10

discovery

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5012	2844	WerFault.exe	82

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	550cf8cbf46e4d30fcb907a1e094b969fb1c2505b8fb8ef1655dd5b1fc912b17.exe

C:\Users\Admin\AppData\Local\Temp\550cf8cbf46e4d30fcb907a1e094b969fb1c2505b8fb8ef1655dd5b1fc912b17.exe
"C:\Users\Admin\AppData\Local\Temp\550cf8cbf46e4d30fcb907a1e094b969fb1c2505b8fb8ef1655dd5b1fc912b17.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2844
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 736
  2⤵
  - Program crash
  PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 2844 -ip 2844
1⤵
PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2844-0-0x000000007473E000-0x000000007473F000-memory.dmp

Filesize
4KB

Download
memory/2844-1-0x0000000000DE0000-0x0000000000DF2000-memory.dmp

Filesize
72KB

Download