Overview

overview

7

Static

static

3

337b231b46...0N.exe

windows7-x64

7

337b231b46...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    26-07-2024 17:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    337b231b463b9de22a8bc63646b17ed0N.exe

  • Size

    404KB

  • MD5

    337b231b463b9de22a8bc63646b17ed0

  • SHA1

    8e63c593876335545b1c830a11e3ce5445c35477

  • SHA256

    a3ae28fe51a5c14c72e26b3517beebb341f924db54e4f2c4ee8b194a735946af

  • SHA512

    0da09201d7f8268f5bec9ad22c584311249a88bfe4cd7a9df0d2ca6b2f4ab4558bc2f7b85fb25903d9ab4c5c323d51494ece187a4e2a511284a56023d7b6188d

  • SSDEEP

    6144:4jlYKRF/LReWAsUyI9i9flooAGAyEoroehIroXn31CqbF7:4jauDReWpbAGAyEkoehIrG30I

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\337b231b463b9de22a8bc63646b17ed0N.exe
    "C:\Users\Admin\AppData\Local\Temp\337b231b463b9de22a8bc63646b17ed0N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\ProgramData\kvscj.exe
      "C:\ProgramData\kvscj.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:1976

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Documents and Settings .exe
    Filesize

    404KB

    MD5

    0d732fd1082d86dfce2259edcad894ea

    SHA1

    743a845845421aa7d36a77973c6646c743151509

    SHA256

    dade633dfa595e4965cabf426f6bb490898a4fcea615c29ec494e2b40ba29dc9

    SHA512

    9982a46a0dd4d3f6936d2b8653bfd65eec3f8c08bf9ecc20ce4cf45bfc09ebdd44bbf5297d4c93754d8d0b490d70b2e930c21ab4290291468e132c2d9a1f3368

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    cb4c442a26bb46671c638c794bf535af

    SHA1

    8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

    SHA256

    f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

    SHA512

    074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

    Download Submit

  • \ProgramData\kvscj.exe
    Filesize

    267KB

    MD5

    d581d6962a13f3f2ed1cb09fb66c798a

    SHA1

    e3bb3b7f90dfa4825e42159bf6a78ad357fa9add

    SHA256

    62db1513726a7194fe608f90a90d2f67c887193c6df1b3acaa25134648baa110

    SHA512

    1cdac8aa1b3bd07ce577d94d8a68ff5e939e588ae06ba6bc739f49b8bdf7ac0180dc26ea89131879145c5a39e996c98d8d3cca15273c5aaa44968e67cb894040

    Download Submit

  • memory/1976-137-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

  • memory/2324-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2324-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2324-14-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download