0ed53e7c640e9a13ca7907de16e08ae9756ddbbbb6a651c4b1f6f55fbe3513e2

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/12/2024, 21:03 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2840-0-0x0000000000BF0000-0x0000000001280000-memory.exe
Size

6.6MB
MD5

3386767a06a73856d79e733fcd0c178b
SHA1

c1705721e126918b7d6930b92ecfbfed3f1b7f1c
SHA256

0ed53e7c640e9a13ca7907de16e08ae9756ddbbbb6a651c4b1f6f55fbe3513e2
SHA512

8e2e12f6ee0a24891904dc83feb2b34e36a4fae73596cbe56f004f351f66e3c8166ba92aab22cce885fc459edb735056012bdb2867adfe045e1e0c68efff5f5c
SSDEEP

3072:90fjOnMoFiVdgSlcqAEmrhzZRW/yWfugVIERZ7H4iMv+Q98X+B:rn5F+rcqY4/yWmWbb7HyvzqM

Score

3^/10

discovery

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5008	5084	WerFault.exe	81

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2840-0-0x0000000000BF0000-0x0000000001280000-memory.exe

C:\Users\Admin\AppData\Local\Temp\2840-0-0x0000000000BF0000-0x0000000001280000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\2840-0-0x0000000000BF0000-0x0000000001280000-memory.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5084
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 232
  2⤵
  - Program crash
  PID:5008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5084 -ip 5084
1⤵
PID:3628

Network

DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

85.49.80.91.in-addr.arpa

Remote address:

8.8.8.8:53

Request

85.49.80.91.in-addr.arpa

IN PTR

Response
DNS

72.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

72.32.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

212.20.149.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

212.20.149.52.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

139.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

139.190.18.2.in-addr.arpa

IN PTR

Response

139.190.18.2.in-addr.arpa

IN PTR

a2-18-190-139deploystaticakamaitechnologiescom
DNS

96.136.73.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

96.136.73.23.in-addr.arpa

IN PTR

Response

96.136.73.23.in-addr.arpa

IN PTR

a23-73-136-96deploystaticakamaitechnologiescom
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

252.15.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

252.15.104.51.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

85.49.80.91.in-addr.arpa

dns

70 B
145 B
1
1

DNS Request

85.49.80.91.in-addr.arpa
8.8.8.8:53

72.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

72.32.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

212.20.149.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

212.20.149.52.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

139.190.18.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

139.190.18.2.in-addr.arpa
8.8.8.8:53

96.136.73.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

96.136.73.23.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa
8.8.8.8:53

252.15.104.51.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

252.15.104.51.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5084-0-0x0000000000C20000-0x00000000012B0000-memory.dmp

Filesize
6.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.