Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
- submitted: 01-07-2024 18:44
Static task
- static1

Behavioral tasks
- behavioral1: sample Bypass-Tools/CGWebInstall2.exe, resource win7-20240611-en
- behavioral2: sample Bypass-Tools/CGWebInstall2.exe, resource win10v2004-20240611-en
- behavioral3: sample Bypass-Tools/GPass-4.1.02.exe, resource win7-20240508-en
- behavioral4: sample Bypass-Tools/GPass-4.1.02.exe, resource win10v2004-20240508-en
- behavioral5: sample Bypass-Tools/U952.exe, resource win7-20240508-en
- behavioral6: sample Bypass-Tools/U952.exe, resource win10v2004-20240611-en
- behavioral7: sample Bypass-Tools/fg679p2.exe, resource win7-20240508-en
- behavioral8: sample Bypass-Tools/fg679p2.exe, resource win10v2004-20240611-en
General
- Target: Bypass-Tools/fg679p2.exe
- Size: 498KB
- MD5: 6a606cbdb8860ff486656e6b8ce786d4
- SHA1: 8513e29b1844c086d3fa3ae3d1d2169f5378a96a
- SHA256: cb0d4788d6382a032c50c503fef59e8625affc65ec7aef0cdd4bf89221d57f38
- SHA512: 0badea06710b5413e8ad5f8dcc6dcb5785bed5428977de6d42a56a9729fd26b2b61f0f2ea5c049a0d0c9213560954fe669c35b9760a16466edc9ad0a83b597b2
- SSDEEP: 12288:mqAYK1RQmJc+1yedZOSQOs7YNCS+nGxcz2+aQTJw/XfPJI:xzmRQmJPyei/Sx+PTuB
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid: 4884, pid_target: 3020, process: WerFault.exe, target process: fg679p2.exe
Processes
- "C:\Users\Admin\AppData\Local\Temp\Bypass-Tools\fg679p2.exe"
  - C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 344 (Program crash)
- C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3020 -ip 3020