Analysis Overview
SHA256
2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851
Threat Level: Likely benign
The file 2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851 was found to be: Likely benign.
Malicious Activity Summary
Drops file in System32 directory
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Program crash
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-27 20:52
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-27 20:52
Reported
2025-01-27 20:55
Platform
win7-20241010-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Drops file in System32 directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe
"C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-27 20:52
Reported
2025-01-27 20:55
Platform
win10v2004-20241007-en
Max time kernel
91s
Max time network
142s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe
"C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3164 -ip 3164
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 320
Network