Overview

overview

10

Static

static

3

Payment Ad...7].exe

windows7-x64

10

Payment Ad...7].exe

windows10-2004-x64

7

yzoczjnuz.exe

windows7-x64

10

yzoczjnuz.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    94s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2024 01:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    yzoczjnuz.exe

  • Size

    59KB

  • MD5

    60ebe600e2d67c0877426dfd53be96d7

  • SHA1

    83c0f3f77bec5df19f20ab0706ca736bd5e6e0d6

  • SHA256

    fad978413cf6a36fbd03d3c96a5a08d0cf227e17710abddc06e73ae1913de648

  • SHA512

    f0e2839211d84f2247a654f51ff07fe4c89f3d9ed71558e34479d8afe08aa9f606a65d1e53eaa0bea8287537de8f7e50427402f33a0339739b4dff7405a127eb

  • SSDEEP

    1536:WgvtLu0ZssXg2J2m3K5n2ETMCZQsuyXn5QnQC:WACsPEvMCi32nCnQC

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\yzoczjnuz.exe
    "C:\Users\Admin\AppData\Local\Temp\yzoczjnuz.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1100
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 560
      2⤵
      • Program crash
      PID:3480
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1100 -ip 1100
    1⤵
      PID:4100

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1100-0-0x0000000004C70000-0x0000000004C72000-memory.dmp

      Filesize

      8KB

      Download