ff4dabd6a49d3dd251f842aa4a099f8c5dab27cafd0cb6edc7736dd93e8a2e80

Analysis

max time kernel
98s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
24/07/2024, 02:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3c103cd004198700947da736f262ff90N.exe
Size

6.2MB
MD5

3c103cd004198700947da736f262ff90
SHA1

0dba7292239677b3db56821cf2a7afc8de8edc7c
SHA256

ff4dabd6a49d3dd251f842aa4a099f8c5dab27cafd0cb6edc7736dd93e8a2e80
SHA512

cd34fc9ac39a76482ef53be9c74510907a204f7945dd122d8db77723371c8f2491b17547e447b03b20ba155895026ace8b209ddcab699f66bdc09c72db6b05fc
SSDEEP

98304:g9Phxeo9vkcQ+v49pN/hwQqZUha5jtSyZIUbm:ApvkcQmIiQbaZtlir

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3220	B4F8.tmp

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3c103cd004198700947da736f262ff90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	B4F8.tmp

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3220	B4F8.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3572 wrote to memory of 3220	3572	3c103cd004198700947da736f262ff90N.exe	86
PID 3572 wrote to memory of 3220	3572	3c103cd004198700947da736f262ff90N.exe	86
PID 3572 wrote to memory of 3220	3572	3c103cd004198700947da736f262ff90N.exe	86

C:\Users\Admin\AppData\Local\Temp\3c103cd004198700947da736f262ff90N.exe
"C:\Users\Admin\AppData\Local\Temp\3c103cd004198700947da736f262ff90N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3572
- C:\Users\Admin\AppData\Local\Temp\B4F8.tmp
  "C:\Users\Admin\AppData\Local\Temp\B4F8.tmp" --pingC:\Users\Admin\AppData\Local\Temp\3c103cd004198700947da736f262ff90N.exe E315CE08367203F97D9C50EC9356A0F2BF00E58B6C0D5C71EF74665FC0B6614A007A442BA2E757DBA6E52915EFABAB0381C7647E2099AC62C638D19DD7790627
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\B4F8.tmp

Filesize
6.2MB

MD5
7aac7af04120ee13a539c0a95d181c9c

SHA1
e04b29aca42321fe960bbc402a76ecb4e0538763

SHA256
2608b7698bd23e7a74e86d75e4f0cf033631f4d222be6ed5272c2f3d43558599

SHA512
b9386fd1bba83852ccb860fa308927d6d91bd370f44f68e165c01a2e726455e4e016f76fe73a25ed309b415f7706c0e5ea6b9bdf632ed3115633ea969292d399

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads