Resubmissions
  Submitted            ID                   Score
  25/03/2025, 14:09    250325-rf7ams1ks7    10
  05/02/2025, 10:47    250205-mvyvlavkcn    10
  14/12/2024, 19:04    241214-xq3m4asqhn    10

Analysis
  max time kernel:   103s
  max time network:  105s
  platform:          windows11-21h2_x64
  resource:          win11-20250314-en
  resource tags:     arch:x64, arch:x86, image:win11-20250314-en, locale:en-us, os:windows11-21h2-x64, system
  submitted:         25/03/2025, 14:09
Behavioral tasks
  Task         Sample                                                                    Resource
  behavioral1  bf7114f025fff7dbc6b7aff8e4edb0dd8a7b53c3766429a3c5f10142609968f9.exe     win10ltsc2021-20250314-en
  behavioral2  bf7114f025fff7dbc6b7aff8e4edb0dd8a7b53c3766429a3c5f10142609968f9.exe     win10v2004-20250313-en
  behavioral3  bf7114f025fff7dbc6b7aff8e4edb0dd8a7b53c3766429a3c5f10142609968f9.exe     win10ltsc2021-20250314-en
  behavioral4  bf7114f025fff7dbc6b7aff8e4edb0dd8a7b53c3766429a3c5f10142609968f9.exe     win11-20250314-en
  behavioral5  bf7114f025fff7dbc6b7aff8e4edb0dd8a7b53c3766429a3c5f10142609968f9.exe     win7-20240903-en
General
  Target:  bf7114f025fff7dbc6b7aff8e4edb0dd8a7b53c3766429a3c5f10142609968f9.exe
  Size:    542KB
  MD5:     61c19e7ce627da9b5004371f867a47d3
  SHA1:    4f3b4329871ec269043068a98e9cc929f603268d
  SHA256:  bf7114f025fff7dbc6b7aff8e4edb0dd8a7b53c3766429a3c5f10142609968f9
  SHA512:  dd919e1dace4e1f246552bbb1b55cd13f38bdac8764afb67624d4331341dff1c3cd75616da26d9deb4e05c04163b78a5ff8b9ffec2f73b2c9b82d5a41e216244
  SSDEEP:  6144:YONNYdX7HkqEHcTY6uoZzFyKAuGnlOOkl8tuGogbOIVmda9J4:YONNoX7HMHcTY6uoZzFyfONlwNB2
Malware Config

Signatures
  UPX (yara rule matches)
    resource                                                                  yara_rule
    behavioral4/memory/452-0-0x0000000000400000-0x000000000048A000-memory.dmp  upx
    behavioral4/memory/452-3-0x0000000000400000-0x000000000048A000-memory.dmp  upx

  Program crash  1 IoCs
    pid   pid_target  Process       procid_target
    4540  452         WerFault.exe  77
  System Location Discovery: System Language Discovery  1 TTPs  1 IoCs
  Attempts to gather information about the system language of a victim host in order to infer that host's geographical location.
    description  ioc                                                         Process
    Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  bf7114f025fff7dbc6b7aff8e4edb0dd8a7b53c3766429a3c5f10142609968f9.exe
Processes
  C:\Users\Admin\AppData\Local\Temp\bf7114f025fff7dbc6b7aff8e4edb0dd8a7b53c3766429a3c5f10142609968f9.exe bcdedit /set shutdown /r /f /t 2
    PID: 452
    - System Location Discovery: System Language Discovery
      C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 232
        PID: 4540
        - Program crash
  C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 452 -ip 452
    PID: 4192