733179a9fb2453ab3c5bc218a6a5cd92e35b07de0d1e01ed115a6fa3c1ff82d1

Analysis

max time kernel
100s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25-07-2024 21:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10cda15b93b035151f7f8a1666d1d050N.exe
Size

47KB
MD5

10cda15b93b035151f7f8a1666d1d050
SHA1

b9f50a82ba503b5b27baffcb93be17506713194e
SHA256

733179a9fb2453ab3c5bc218a6a5cd92e35b07de0d1e01ed115a6fa3c1ff82d1
SHA512

a66370710563c6475cbb38cbb20cf5cdf28d3035176da0dfdd06b4eb83368784d8f228d5406e48094ec4ff042fc92dfb836c6c00c9bfa7bb62eb41fbb4fb709b
SSDEEP

768:ErzETetesuzVxUVpaAHIh6eb0nNY0rUV05UZ+J9gdc+N41/22b8:EMTexO4pa4A6ebSYnmUMgt0A

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1456	rmass.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\rmass.exe	10cda15b93b035151f7f8a1666d1d050N.exe
File created	C:\Windows\SysWOW64\rmass.exe	10cda15b93b035151f7f8a1666d1d050N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	10cda15b93b035151f7f8a1666d1d050N.exe

C:\Users\Admin\AppData\Local\Temp\10cda15b93b035151f7f8a1666d1d050N.exe
"C:\Users\Admin\AppData\Local\Temp\10cda15b93b035151f7f8a1666d1d050N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:2368
- C:\Windows\SysWOW64\rmass.exe
  "C:\Windows\SysWOW64\rmass.exe"
  2⤵
  - Executes dropped EXE
  PID:1456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\rmass.exe

Filesize
44KB

MD5
a08661d9b2397f6d229a8e6030c6d77c

SHA1
162e7ef58e91d18d76dfcfee2c17f50807c1d597

SHA256
5809c1fc90abdbc2e52bea8d2a711585959bb5022918087948fd075cb4e6fba5

SHA512
07cdfd6daf1f1da2e8dca970ee27ec38daebd7c8dcbbf56f220f606517139be791d465eb3804715661a91e250d83c33f574bc49b9fa5e82d7095d05eecba2797

Download Submit
memory/2368-0-0x0000000077922000-0x0000000077923000-memory.dmp

Filesize
4KB

Download
memory/2368-4-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download