302da867ea2e582c2b28f1c29e6e98db009b300079d1af6deac5b4931e20e96f

Analysis

max time kernel
102s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
17/03/2025, 23:07 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

302da867ea2e582c2b28f1c29e6e98db009b300079d1af6deac5b4931e20e96f.exe
Size

272KB
MD5

70480b615e6973c94971faadce2394b1
SHA1

fdcfb9387e064c715cf18704847342fb93120066
SHA256

302da867ea2e582c2b28f1c29e6e98db009b300079d1af6deac5b4931e20e96f
SHA512

0d2fa0fa70c07a1becfb41db1972b4f6641dc407dff43ab3e38768861c32a75b31c0bf0eff8e13ae5ca6390992d41ce5cd841496c550f1f1bc9e28ba63bec7e9
SSDEEP

6144:4AA0qfdcpUwtyla3MZ9Ic/aw0kkv15WlEbZteHr8zTIw:4rbFcpUIylV9IkDkv14CneHgAw

Score

3^/10

discovery

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3624	3824	WerFault.exe	84

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	302da867ea2e582c2b28f1c29e6e98db009b300079d1af6deac5b4931e20e96f.exe

C:\Users\Admin\AppData\Local\Temp\302da867ea2e582c2b28f1c29e6e98db009b300079d1af6deac5b4931e20e96f.exe
"C:\Users\Admin\AppData\Local\Temp\302da867ea2e582c2b28f1c29e6e98db009b300079d1af6deac5b4931e20e96f.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3824
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 328
  2⤵
  - Program crash
  PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3824 -ip 3824
1⤵
PID:1876

Network

DNS

c.pki.goog

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.200.35
GET

http://c.pki.goog/r/r1.crl

Remote address:

142.250.200.35:80

Request

GET /r/r1.crl HTTP/1.1
Cache-Control: max-age = 3000
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog

Response

HTTP/1.1 304 Not Modified

Date: Mon, 17 Mar 2025 23:07:31 GMT
Expires: Mon, 17 Mar 2025 23:57:31 GMT
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Cache-Control: public, max-age=3000
Vary: Accept-Encoding
Age: 52

142.250.200.35:80

http://c.pki.goog/r/r1.crl

http

384 B
353 B
4
3

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

304

8.8.8.8:53

c.pki.goog

dns

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.200.35

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3824-0-0x0000000000400000-0x00000000007C8000-memory.dmp

Filesize
3.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.