Overview

overview

7

Static

static

3

ec988abefa...0N.exe

windows7-x64

7

ec988abefa...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    102s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/07/2024, 18:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ec988abefad799b3a5cbda4504edc050N.exe

  • Size

    467KB

  • MD5

    ec988abefad799b3a5cbda4504edc050

  • SHA1

    d5a99985eef10ed2bee46f2ef174193c32bcb8f4

  • SHA256

    83e66109b18d85aaa3797665843ae6664225f0049e8e9430daabfa8c1c0903d7

  • SHA512

    8e7ac3e4a905951ecde45187e18232a4bc717004dfbbecdbb216d61d489dc56a3f8e0814792349495def5bc052137cd6abdcde964df2e088f6d819daed10004a

  • SSDEEP

    6144:mSyAAwKrd01YZW9mhO81rtfTWZGy1Q34HOSR4R5DLhFfUG3xpORuuW3XE+rf+QxB:PYO1QIubR5RF/3rORuuoXEOrkC

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec988abefad799b3a5cbda4504edc050N.exe
    "C:\Users\Admin\AppData\Local\Temp\ec988abefad799b3a5cbda4504edc050N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3772
    • C:\Users\Admin\AppData\Local\Temp\9B75.tmp
      "C:\Users\Admin\AppData\Local\Temp\9B75.tmp" --pingC:\Users\Admin\AppData\Local\Temp\ec988abefad799b3a5cbda4504edc050N.exe 2121E7C481F6BD5741EC7D57EE6751C7F9A362CE2EB734A7D7E76ED336DE191D6FB99FBA8ACEE1338F9EFA8A6D8CCC21A632ED2B5317E60C950AA8E768C8DDDB
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      • Modifies registry class
      • Suspicious behavior: RenamesItself
      • Suspicious use of WriteProcessMemory
      PID:700
      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\ec988abefad799b3a5cbda4504edc050N.doc" /o ""
        3⤵
        • Checks processor information in registry
        • Enumerates system info in registry
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:2140

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\9B75.tmp
          Filesize

          467KB

          MD5

          e2eebf79e5da9ade8df138669187115c

          SHA1

          4d4a68be9e39c69917205f2f182e42c15583a6c5

          SHA256

          552556205be623fa1fd241f10a3fac6c20121ccdc0f255fe90db00ab7e563670

          SHA512

          d328faadbfb85c944bf7b2c7718fb8f210faca986c0229b7efac0d157e2913b51077cf5a0f1f968b3da351b60e18ba2ed5f6f21f71e3d40836e4a7c50eeb5742

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TCD3273.tmp\sist02.xsl
          Filesize

          245KB

          MD5

          f883b260a8d67082ea895c14bf56dd56

          SHA1

          7954565c1f243d46ad3b1e2f1baf3281451fc14b

          SHA256

          ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

          SHA512

          d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\ec988abefad799b3a5cbda4504edc050N.doc
          Filesize

          35KB

          MD5

          59975947e6db92e743655ebdf2e3c495

          SHA1

          5e967d85a4df28f9fed485156919a14fb411d18d

          SHA256

          83c9df8884ffd5b51bdbdb9314d587477ecf50c3144c6c230ded3a3041f24e05

          SHA512

          1cdc533bcc9bf50c69dd3a516c4fff8f24cf2ba9ecf1df885c12d4f459727b63c2d7f1a388ac0a4ac2fe59fe1bd5f5cb623001c736df33490fb245e06d7af692

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
          Filesize

          16B

          MD5

          d29962abc88624befc0135579ae485ec

          SHA1

          e40a6458296ec6a2427bcb280572d023a9862b31

          SHA256

          a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

          SHA512

          4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
          Filesize

          2B

          MD5

          f3b25701fe362ec84616a93a45ce9998

          SHA1

          d62636d8caec13f04e28442a0a6fa1afeb024bbb

          SHA256

          b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

          SHA512

          98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

          Download Submit

        • memory/700-6-0x0000000000400000-0x000000000047E000-memory.dmp

          Filesize

          504KB

          Download

        • memory/700-18-0x0000000000400000-0x000000000047E000-memory.dmp

          Filesize

          504KB

          Download

        • memory/2140-35-0x00007FFF48FD0000-0x00007FFF491C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2140-29-0x00007FFF066F0000-0x00007FFF06700000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2140-22-0x00007FFF09050000-0x00007FFF09060000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2140-24-0x00007FFF4906D000-0x00007FFF4906E000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2140-23-0x00007FFF09050000-0x00007FFF09060000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2140-25-0x00007FFF48FD0000-0x00007FFF491C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2140-27-0x00007FFF48FD0000-0x00007FFF491C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2140-26-0x00007FFF48FD0000-0x00007FFF491C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2140-28-0x00007FFF48FD0000-0x00007FFF491C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2140-30-0x00007FFF48FD0000-0x00007FFF491C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2140-32-0x00007FFF48FD0000-0x00007FFF491C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2140-576-0x00007FFF48FD0000-0x00007FFF491C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2140-34-0x00007FFF48FD0000-0x00007FFF491C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2140-33-0x00007FFF48FD0000-0x00007FFF491C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2140-31-0x00007FFF48FD0000-0x00007FFF491C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2140-19-0x00007FFF09050000-0x00007FFF09060000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2140-41-0x00007FFF48FD0000-0x00007FFF491C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2140-40-0x00007FFF48FD0000-0x00007FFF491C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2140-42-0x00007FFF48FD0000-0x00007FFF491C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2140-38-0x00007FFF48FD0000-0x00007FFF491C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2140-37-0x00007FFF48FD0000-0x00007FFF491C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2140-36-0x00007FFF48FD0000-0x00007FFF491C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2140-39-0x00007FFF066F0000-0x00007FFF06700000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2140-20-0x00007FFF09050000-0x00007FFF09060000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2140-21-0x00007FFF09050000-0x00007FFF09060000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2140-75-0x00007FFF48FD0000-0x00007FFF491C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2140-572-0x00007FFF09050000-0x00007FFF09060000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2140-573-0x00007FFF09050000-0x00007FFF09060000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2140-575-0x00007FFF09050000-0x00007FFF09060000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2140-574-0x00007FFF09050000-0x00007FFF09060000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3772-7-0x0000000000400000-0x000000000047E000-memory.dmp

          Filesize

          504KB

          Download

        • memory/3772-0-0x0000000000400000-0x000000000047E000-memory.dmp

          Filesize

          504KB

          Download