Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-12-2024 07:05

Static task: static1 (1 signatures)

Behavioral task: behavioral1
Sample: fec95e2980136052d251bf2932a3af39.exe
Resource: win7-20240903-en (windows7-x64)
3 signatures, 150 seconds
General
Target: fec95e2980136052d251bf2932a3af39.exe
Size: 385KB
MD5: fec95e2980136052d251bf2932a3af39
SHA1: 00819383800b3548902bc68a244876bdd75fdb59
SHA256: e1c9b3cc2939b88146d2ecb53b98ad6f3ba64369027d8adfc78f20c4fa3e5512
SHA512: cc0bd1b3d51de961cec629cb17455d42a50f138b14c8dd733bec472745d43a2703040eaf53c6545383495299060730a4cc8e2eaebec17fe4cdebe3453af06eb1
SSDEEP: 6144:Na47LJtFMBI1jN74VHD8ovRJGfQUTcYtFS+ufjtkUwamgtXj:E479tKB6aVHjJGfnTcYn8JAdgd
Malware Config
Signatures

Gcleaner family

Program crash (8 IoCs)
pid   pid_target  Process       procid_target
764   1716        WerFault.exe  84
1552  1716        WerFault.exe  84
3724  1716        WerFault.exe  84
4668  1716        WerFault.exe  84
3032  1716        WerFault.exe  84
4136  1716        WerFault.exe  84
2076  1716        WerFault.exe  84
1920  1716        WerFault.exe  84

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc                                                          Process
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  fec95e2980136052d251bf2932a3af39.exe
Processes

C:\Users\Admin\AppData\Local\Temp\fec95e2980136052d251bf2932a3af39.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\fec95e2980136052d251bf2932a3af39.exe"
  Signature: System Location Discovery: System Language Discovery
  PID: 1716

    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 752
      Signature: Program crash
      PID: 764

    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 744
      Signature: Program crash
      PID: 1552

    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 752
      Signature: Program crash
      PID: 3724

    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 788
      Signature: Program crash
      PID: 4668

    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 908
      Signature: Program crash
      PID: 3032

    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 988
      Signature: Program crash
      PID: 4136

    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 1016
      Signature: Program crash
      PID: 2076

    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 756
      Signature: Program crash
      PID: 1920

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 1716 -ip 1716
  PID: 3248

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 1716 -ip 1716
  PID: 2220

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1716 -ip 1716
  PID: 4840

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1716 -ip 1716
  PID: 3108

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 1716 -ip 1716
  PID: 3320

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1716 -ip 1716
  PID: 4392

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 1716 -ip 1716
  PID: 4580

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1716 -ip 1716
  PID: 3284