Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-12-2024 07:05

Static task: static1 (1 signature)
Behavioral task: behavioral1
Sample: 913508136edb1a9c093fe801a7a20833.exe
Resource: win7-20241010-en (windows7-x64), 3 signatures, 150 seconds
General
Target: 913508136edb1a9c093fe801a7a20833.exe
Size: 385KB
MD5: 913508136edb1a9c093fe801a7a20833
SHA1: caff31db9b6d9eed07d9d822a5d935743e5a96ec
SHA256: 9bbb6839b4a2abf2d8ef4685fa85e171343e909c62ead34a66da2b13259999e6
SHA512: 119df083fcba996504ce130e454204daff88259182ed78cc251efdbc93eea7b8e766b38467621522b573146793b138a343eabb422e91f6c38cc712fcbb990cce
SSDEEP: 6144:5P4LJiS4ARKP4Gb9EoOYwEU2lkciTlbt1bDnWqj4K8C4D:5P49iJqKPj9E3x2lkc8lTiU
Malware Config
Signatures

Gcleaner family

Program crash (8 IoCs)
pid   pid_target  Process       procid_target
4228  4272        WerFault.exe  82
2460  4272        WerFault.exe  82
2692  4272        WerFault.exe  82
3972  4272        WerFault.exe  82
4780  4272        WerFault.exe  82
2452  4272        WerFault.exe  82
3788  4272        WerFault.exe  82
3344  4272        WerFault.exe  82

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc                                                          Process
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  913508136edb1a9c093fe801a7a20833.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\913508136edb1a9c093fe801a7a20833.exe (PID 4272)
  Command line: "C:\Users\Admin\AppData\Local\Temp\913508136edb1a9c093fe801a7a20833.exe"
  Signatures: System Location Discovery: System Language Discovery
  - C:\Windows\SysWOW64\WerFault.exe (PID 4228)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 748
    Signatures: Program crash
  - C:\Windows\SysWOW64\WerFault.exe (PID 2460)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 756
    Signatures: Program crash
  - C:\Windows\SysWOW64\WerFault.exe (PID 2692)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 756
    Signatures: Program crash
  - C:\Windows\SysWOW64\WerFault.exe (PID 3972)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 780
    Signatures: Program crash
  - C:\Windows\SysWOW64\WerFault.exe (PID 4780)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 908
    Signatures: Program crash
  - C:\Windows\SysWOW64\WerFault.exe (PID 2452)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 980
    Signatures: Program crash
  - C:\Windows\SysWOW64\WerFault.exe (PID 3788)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 996
    Signatures: Program crash
  - C:\Windows\SysWOW64\WerFault.exe (PID 3344)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 772
    Signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe (PID 3536)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4272 -ip 4272
- C:\Windows\SysWOW64\WerFault.exe (PID 2868)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4272 -ip 4272
- C:\Windows\SysWOW64\WerFault.exe (PID 5020)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4272 -ip 4272
- C:\Windows\SysWOW64\WerFault.exe (PID 1572)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4272 -ip 4272
- C:\Windows\SysWOW64\WerFault.exe (PID 3416)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4272 -ip 4272
- C:\Windows\SysWOW64\WerFault.exe (PID 4920)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4272 -ip 4272
- C:\Windows\SysWOW64\WerFault.exe (PID 2236)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4272 -ip 4272
- C:\Windows\SysWOW64\WerFault.exe (PID 4928)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4272 -ip 4272