Overview

overview

4

Static

static

3

Endermanch...pt.exe

windows7-x64

4

Endermanch...pt.exe

windows10-2004-x64

4

Resubmissions

07-01-2024 02:01

240107-cftl8acccn 10

07-01-2024 01:59

240107-cedjlsdfd9 4

Analysis

  • max time kernel
    87s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-01-2024 01:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [email protected]

  • Size

    211KB

  • MD5

    b805db8f6a84475ef76b795b0d1ed6ae

  • SHA1

    7711cb4873e58b7adcf2a2b047b090e78d10c75b

  • SHA256

    f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

  • SHA512

    62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

  • SSDEEP

    1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 64 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\[email protected]"
    1⤵
    • Drops file in Program Files directory
    • Checks processor information in registry
    PID:2124

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.B4AEE8263914A03EB43661D2C524F6B22A074CC522B09366516809636FC15CCF
    Filesize

    16B

    MD5

    25697289524b9ab43c44e45b0cf22b71

    SHA1

    65c8550aaf238607960396682445dd2831c518b0

    SHA256

    6617647485c542807df2ebb0c67e1c958589c94dde04e3e8680e83d0bb951294

    SHA512

    1c212ad6b764fabded11d897252380223644c35efa24312f45eab755ae5c1fc0989c16aad67e8fc58873338e5382352a8464baccc49696aad59af5548d37cde9

    Download Submit

  • C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.B4AEE8263914A03EB43661D2C524F6B22A074CC522B09366516809636FC15CCF
    Filesize

    32KB

    MD5

    2e7b2f8f038bf9930de1bbce7ebf3d79

    SHA1

    f83cdc5cba4accc888e7904c6c91e70019035f80

    SHA256

    c7dd782a3ca6cd91252ee56494bf304c9636abf2c5672bb4cb5d3a117df079ee

    SHA512

    c23f0477c94f675115b17c05fb0b38f6071e51742efb5bd5980dd6d05d54a2132422a9650e3041217cc9d99a44f593651630c2b78fd14c88b070226b41a82292

    Download Submit

  • memory/2124-1-0x0000000000070000-0x00000000000AC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2124-2-0x0000000004910000-0x00000000049AC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2124-0-0x0000000074810000-0x0000000074FC0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2124-3-0x0000000004F60000-0x0000000005504000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2124-4-0x0000000004A50000-0x0000000004AE2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2124-5-0x0000000004C90000-0x0000000004CA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2124-6-0x0000000004A00000-0x0000000004A0A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2124-7-0x0000000004CA0000-0x0000000004CF6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2124-130-0x0000000074810000-0x0000000074FC0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2124-131-0x0000000004C90000-0x0000000004CA0000-memory.dmp

    Filesize

    64KB

    Download