Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/07/2024, 18:52

General

  • Target

    12455fe4e26fb673dd9a0a1f375404572c8537954c85da189c75e3091c804737.exe

  • Size

    271KB

  • MD5

    ca029c9bf8427345cec5d37c9557d6c6

  • SHA1

    6d4b456a2b5cdcb0cc624c803d71dae2bde91859

  • SHA256

    12455fe4e26fb673dd9a0a1f375404572c8537954c85da189c75e3091c804737

  • SHA512

    b587bea8dca5b64fb6be04f0619cfa264fdd8482169c8ee8ed538083a0a42f80e50d978092c932b1f3fee1c68b87e78e05a23b1050af771bd45659751e24c9ff

  • SSDEEP

    6144:wGpoYkk4prY3yIuvrhVgSV/aPj2iiibLmQOYKYQkvA0:wGmkRYv1VgS/AZ9OYUkA0

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\12455fe4e26fb673dd9a0a1f375404572c8537954c85da189c75e3091c804737.exe
    "C:\Users\Admin\AppData\Local\Temp\12455fe4e26fb673dd9a0a1f375404572c8537954c85da189c75e3091c804737.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Users\Admin\AppData\Local\Temp\nsy66CF.tmp\Unmanageable.exe
      C:\Users\Admin\AppData\Local\Temp\nsy66CF.tmp\Unmanageable.exe ""
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2904
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 2904 -s 580
        3⤵
          PID:2680
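The process tree above shows the submitted file (PID 3028) launching a dropped executable from an ns....tmp sub-directory of Temp (PID 2904), after which Windows Error Reporting is started for that child (WerFault.exe -p 2904), meaning the dropped stage crashed. The Python below is an added example and not part of the sandbox report: it encodes that triage over a constructed copy of the report's process list, flagging the dropped-EXE execution, the ns<letter><4 hex>.tmp directory naming (characteristic of NSIS installer plugin directories; that attribution is an inference made by the example, not something the report states), and the WER invocation, and derives the practical caveat that a crashed dropped stage means later behaviour of that stage was not observed in this run. The function and finding names (`triage`, `crashed_stages`, `behaviour_coverage_incomplete`) are the example's own.

```python
"""Triage helper for a sandbox process tree of the kind shown in this report.

Added example; the process records below are constructed from the report's
Processes section, with parent PIDs taken from the tree nesting.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


# Constructed from the report's process list (assumption: tree depth == parentage).
REPORT_PROCS = [
    Proc(3028, None,
         r"C:\Users\Admin\AppData\Local\Temp\12455fe4e26fb673dd9a0a1f375404572c8537954c85da189c75e3091c804737.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\12455fe4e26fb673dd9a0a1f375404572c8537954c85da189c75e3091c804737.exe"'),
    Proc(2904, 3028,
         r"C:\Users\Admin\AppData\Local\Temp\nsy66CF.tmp\Unmanageable.exe",
         r'C:\Users\Admin\AppData\Local\Temp\nsy66CF.tmp\Unmanageable.exe ""'),
    Proc(2680, 2904,
         r"C:\Windows\system32\WerFault.exe",
         r"C:\Windows\system32\WerFault.exe -u -p 2904 -s 580"),
]

TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
# ns<letter><4 hex>.tmp under Temp is the naming NSIS uses for its plugin
# directory ($PLUGINSDIR). That is an inference of this example; the report
# itself does not identify the installer framework.
NSIS_TMP_RE = re.compile(r"\\Temp\\ns[a-z][0-9a-f]{4}\.tmp\\", re.IGNORECASE)
# WerFault.exe -p <pid> names the process WER is reporting on, i.e. the one that crashed.
WERFAULT_PID_RE = re.compile(r"WerFault\.exe.*?\s-p\s+(\d+)", re.IGNORECASE)

Finding = Tuple[str, int, str]  # (kind, pid the finding is about, detail)


def triage(procs: List[Proc]) -> List[Finding]:
    """Return findings over a flat list of process records."""
    by_pid = {p.pid: p for p in procs}
    findings: List[Finding] = []
    for p in procs:
        parent = by_pid.get(p.ppid) if p.ppid is not None else None
        # A Temp-resident parent executing a different Temp-resident image:
        # the child was most likely written (dropped) by the parent.
        if (parent is not None and TEMP_RE.search(parent.image)
                and TEMP_RE.search(p.image)
                and p.image.lower() != parent.image.lower()):
            findings.append(("dropped_exe_executed", p.pid,
                             f"parent {parent.pid} -> {p.image}"))
        if NSIS_TMP_RE.search(p.image):
            findings.append(("nsis_style_temp_dir", p.pid, p.image))
        m = WERFAULT_PID_RE.search(p.cmdline)
        if m:
            crashed = int(m.group(1))
            target = by_pid.get(crashed)
            findings.append(("crashed", crashed,
                             target.image if target else "pid not in tree"))
    return findings


def crashed_stages(procs: List[Proc]) -> Set[int]:
    """PIDs for which Windows Error Reporting was invoked during the run."""
    return {pid for kind, pid, _ in triage(procs) if kind == "crashed"}


def behaviour_coverage_incomplete(procs: List[Proc]) -> bool:
    """True when a dropped stage crashed: whatever it would have done next
    was never observed, so the report's behavioural signatures are a lower bound."""
    dropped = {pid for kind, pid, _ in triage(procs) if kind == "dropped_exe_executed"}
    return bool(dropped & crashed_stages(procs))


if __name__ == "__main__":
    for kind, pid, detail in triage(REPORT_PROCS):
        print(f"{kind:24} pid={pid:<6} {detail}")
    print("coverage incomplete:", behaviour_coverage_incomplete(REPORT_PROCS))
```

The same three checks apply to any sandbox process tree: feed it the process records and treat a `crashed` finding on a `dropped_exe_executed` PID as a signal to re-run with a different image, OS version or runtime before trusting the score.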

Network

MITRE ATT&CK Enterprise v15


Downloads

  • \Users\Admin\AppData\Local\Temp\nsy66CF.tmp\Unmanageable.exe
    Filesize
    45KB
    MD5
    acffd20af7fd815bc432fdae7046ea1e
    SHA1
    2ba44ebb36869d7c3a286507493d61d2474158a9
    SHA256
    bd25c89994a977347eefd06d1ba2ccede3777a3c717e8a70a2a623bcf653e5ed
    SHA512
    998455b131437d2ffbc4a429787beb1327e8356496c52efef9907c08bed38093e7889f1e318560176e01ccc36f1b4372c242bd4db0b3a079b83c62bbe8f3c04d

  • memory/2904-23-0x000007FEF59C3000-0x000007FEF59C4000-memory.dmp
    Filesize
    4KB

  • memory/2904-24-0x0000000000150000-0x0000000000162000-memory.dmp
    Filesize
    72KB

  • memory/2904-25-0x000007FEF59C3000-0x000007FEF59C4000-memory.dmp
    Filesize
    4KB