ff4dabd6a49d3dd251f842aa4a099f8c5dab27cafd0cb6edc7736dd93e8a2e80

Analysis

max time kernel
31s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24/07/2024, 02:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3c103cd004198700947da736f262ff90N.exe
Size

6.2MB
MD5

3c103cd004198700947da736f262ff90
SHA1

0dba7292239677b3db56821cf2a7afc8de8edc7c
SHA256

ff4dabd6a49d3dd251f842aa4a099f8c5dab27cafd0cb6edc7736dd93e8a2e80
SHA512

cd34fc9ac39a76482ef53be9c74510907a204f7945dd122d8db77723371c8f2491b17547e447b03b20ba155895026ace8b209ddcab699f66bdc09c72db6b05fc
SSDEEP

98304:g9Phxeo9vkcQ+v49pN/hwQqZUha5jtSyZIUbm:ApvkcQmIiQbaZtlir

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1224	4FB6.tmp

Loads dropped DLL 1 IoCs

pid	Process
2236	3c103cd004198700947da736f262ff90N.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3c103cd004198700947da736f262ff90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4FB6.tmp

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1224	4FB6.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 1224	2236	3c103cd004198700947da736f262ff90N.exe	28
PID 2236 wrote to memory of 1224	2236	3c103cd004198700947da736f262ff90N.exe	28
PID 2236 wrote to memory of 1224	2236	3c103cd004198700947da736f262ff90N.exe	28
PID 2236 wrote to memory of 1224	2236	3c103cd004198700947da736f262ff90N.exe	28
PID 2236 wrote to memory of 1224	2236	3c103cd004198700947da736f262ff90N.exe	28
PID 2236 wrote to memory of 1224	2236	3c103cd004198700947da736f262ff90N.exe	28
PID 2236 wrote to memory of 1224	2236	3c103cd004198700947da736f262ff90N.exe	28

C:\Users\Admin\AppData\Local\Temp\3c103cd004198700947da736f262ff90N.exe
"C:\Users\Admin\AppData\Local\Temp\3c103cd004198700947da736f262ff90N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Users\Admin\AppData\Local\Temp\4FB6.tmp
  "C:\Users\Admin\AppData\Local\Temp\4FB6.tmp" --pingC:\Users\Admin\AppData\Local\Temp\3c103cd004198700947da736f262ff90N.exe AE619AA207A837A7E4FCC83B8FF7450316500D0AB27B4E635B54481DC9117F2AAF6D1B5480387DC784A36C4C989AFF666F645F5ACB2DF229C30F2E85B6EF401B
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\4FB6.tmp

Filesize
6.2MB

MD5
5baf60b32b6131a8c5a1831dd8c8a9cd

SHA1
1a0cf2b3ec60039f006d0723c55e5cc829628a4f

SHA256
67c39e0ceefb9bff96ea8c798e1dab202315bef5bfcd00ea5e5ec2d85dd5bbde

SHA512
ea95e86f8d83776d88e7e54aebd4cd9860ea7a720073e6c1f44ecd081875bbc84e04c4e4377e96cb1867396c9fbac759dba1751a5e48b505bdd551bfc432ca7a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads