46dc49be65d7165e2a6009854a4f27f0088230199e61e0555cb1bd266535874a

Analysis

max time kernel
94s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-12-2024 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

foo/28408caa2961caecd35c9f8f7c1aecc5.exe
Size

290KB
MD5

28408caa2961caecd35c9f8f7c1aecc5
SHA1

2df15d3bc4f7623ca3a18665b3c666ec8b70baa6
SHA256

fe99d5ab8be0c9830fd97c1ed127b0c236da75b43a42a58fcd46cb8d46dc3c34
SHA512

a4fdb80d3ac39a2fa46f19c8b5a803ded144e97dd7a3f194177ddaba15b8e0a0486e7b4de2e8c9c957eac4398487fe5872e54ad8e866e68e0beb283c937d0cbd
SSDEEP

6144:b5KkIbWDMN39nN0p7BWlC3xIhKyraXPkawcEK7ii2tW:YkIQMRLrl+IBUPkaWi2tW

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2392	28408caa2961caecd35c9f8f7c1aecc5.exe
2392	28408caa2961caecd35c9f8f7c1aecc5.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\win.ini	28408caa2961caecd35c9f8f7c1aecc5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
16732	2392	WerFault.exe	81

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	28408caa2961caecd35c9f8f7c1aecc5.exe

C:\Users\Admin\AppData\Local\Temp\foo\28408caa2961caecd35c9f8f7c1aecc5.exe
"C:\Users\Admin\AppData\Local\Temp\foo\28408caa2961caecd35c9f8f7c1aecc5.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:2392
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 944
  2⤵
  - Program crash
  PID:16732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2392 -ip 2392
1⤵
PID:16708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\fughetta.dll

Filesize
10KB

MD5
e21867fcff7cae00745fb0f90db36131

SHA1
00f587e0bd02ac819349fb1adfe2a25a9613b9ad

SHA256
80c5087c422460f9fbf27b3ffdd5f9020f538cc46a1881df4ce6a01f60b5f507

SHA512
e903c62526d8387b2cd9d1061647a26a1af855b2878eaa370647c0402219505ba3c47070577648530d9075e1bb29b2d63872f9595bed216976fcdea066f95342

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssCB80.tmp\System.dll

Filesize
11KB

MD5
fbe295e5a1acfbd0a6271898f885fe6a

SHA1
d6d205922e61635472efb13c2bb92c9ac6cb96da

SHA256
a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1

SHA512
2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

Download Submit
C:\Windows\win.ini

Filesize
131B

MD5
9848e4efb0abd437d65e6d3d1d973adb

SHA1
f427ac7c50b19f66658ae7f92cbaf21110b49a47

SHA256
c8b84add37da849977a84fe62badb6cb908be99769edb70d60bcd04c0aec2a3f

SHA512
f90f1f65b6b824a526469b8d739f733a54a7f485d8b5f680de7a35fac90786bf6ba5a0b1d62e139663c5ee73b8d687cf32d4ccf188e18c53084ec12d8c216b17

Download Submit
memory/2392-13-0x0000000003090000-0x0000000003098000-memory.dmp

Filesize
32KB

Download
memory/2392-19-0x0000000003080000-0x0000000003081000-memory.dmp

Filesize
4KB

Download
memory/2392-18-0x0000000003070000-0x0000000003071000-memory.dmp

Filesize
4KB

Download
memory/2392-100021-0x0000000003160000-0x0000000003169000-memory.dmp

Filesize
36KB

Download