Overview

overview

7

Static

static

3

26c2e1ba96...0N.exe

windows7-x64

7

26c2e1ba96...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    26/07/2024, 15:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    26c2e1ba96da0c2750e8e7123eb524b0N.exe

  • Size

    52KB

  • MD5

    26c2e1ba96da0c2750e8e7123eb524b0

  • SHA1

    6905332cc1d39b61e0543b881d2b2c9d6e9eda3c

  • SHA256

    ab83ca600e38a8481fa0c4a9bd9d0c228840d3b6110b73b5591a58a9a538ec46

  • SHA512

    32fe0ff6fb74594610dc814db045a6cfa8823b104969c5077bd69dd822f7722d9e7d61f6a856fd9463fd2a0a9e9206823c4e5eb32df345c6681aa623db062ac5

  • SSDEEP

    768:2PitRNEGtXXnZ/JudBDtcUtdVCxVOS3fNGq5xgBti:RF3wDtkx3P5xsi

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26c2e1ba96da0c2750e8e7123eb524b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c2e1ba96da0c2750e8e7123eb524b0N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe
      "C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies system certificate store
      PID:1588

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\hcbnaf.exe
          Filesize

          52KB

          MD5

          159449e8915fa8bff689d39e1d0390a8

          SHA1

          e8cbd0959e9954caacb938bec9b0694442a266f7

          SHA256

          d9e2a568343ab0aeb6d03a5e57387379263934288a0b986846f7fe86824c1937

          SHA512

          81fa43ca1c3f58815f6d53216770e6e0d74b7051d9b3184a6fd2ac852e1f9b537e2e0c572380ccd1d8155a5ff18c4643358bd64d343a155580fcb48f54bb7c16

          Download Submit

        • memory/1588-11-0x0000000000240000-0x0000000000245000-memory.dmp

          Filesize

          20KB

          Download

        • memory/2024-1-0x00000000001D0000-0x00000000001D5000-memory.dmp

          Filesize

          20KB

          Download