Overview

overview

10

Static

static

3

88885df737...0N.exe

windows7-x64

10

88885df737...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    114s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/07/2024, 03:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    88885df7373d53bcf18a09d6bce77980N.exe

  • Size

    784KB

  • MD5

    88885df7373d53bcf18a09d6bce77980

  • SHA1

    6a474b0129c7957fcc7c5c62be189ecbe1349218

  • SHA256

    1ada3efbfaf4a8f10bd94ec025b7c4f4581e5d5e3de8c7d06c68d20ea5964d2c

  • SHA512

    d97b93952d6125eaebdc45b3ca146af8a15961895cd2dd43f485853fef8c6b28d451c7dff5097457c2c74df56e5c0247b9b9aa79517504af31baae7178515c06

  • SSDEEP

    24576:K1bHLFagnHnCMuRFipdJV+uLO3DBdXgmYcGW:KragHdJVKVdXgFW

Score
10/10
discoverypersistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\88885df7373d53bcf18a09d6bce77980N.exe
    "C:\Users\Admin\AppData\Local\Temp\88885df7373d53bcf18a09d6bce77980N.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    PID:2908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\xdccPrograms\7zG.exe
    Filesize

    827KB

    MD5

    abfb8a6fae4e15334fdda0ba89401c8c

    SHA1

    76dfad9c513ef183d961745ef43e87806e089640

    SHA256

    04ae3d00a79d2aa16ba2f78dde25576ebb4dc80aaacd1a37e07c492c2704e6bc

    SHA512

    111ba9fa97ac678af88d3980347f2ff07d1cfd7c0ef0259ae87886466038f650095cfdd87f93854296fb4e2c1e9a06dd301e7200a87d5fea545eb93914de10eb

    Download Submit

  • memory/2908-36-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2908-97-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2908-98-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2908-99-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2908-100-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2908-101-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2908-102-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2908-103-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2908-104-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2908-105-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2908-106-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download