Analysis
- max time kernel: 16s
- max time network: 16s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 01-08-2024 12:35
Behavioral task behavioral1
- Sample: 78743c3f85b3485ec2a49a07529bc760N.exe
- Resource: win7-20240708-en
Behavioral task behavioral2
- Sample: 78743c3f85b3485ec2a49a07529bc760N.exe
- Resource: win10v2004-20240730-en
General
- Target: 78743c3f85b3485ec2a49a07529bc760N.exe
- Size: 370KB
- MD5: 78743c3f85b3485ec2a49a07529bc760
- SHA1: 6efd2968bdbd316657417c708387bcb946ec714b
- SHA256: fd63c2da89f16a4a2db0a86f79472a72ffd4330458d12201fa0571dc94a1f28f
- SHA512: c7c65c2c921c59810ae754dd575222182900e7c5d88010df99da1ff952f1f5fab6e41ee66d40aca40195f28a79cb6e1c89e8c6132c5b59b73d691b6aa80ceea6
- SSDEEP: 6144:CuJkl8DV12C28tLN2/FkCO0aHftvCGCBhDOHjTPmXHk62pHj:CzGL2C2aZ2/F1XaveOHjTn
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  Processes: PID 1880 fuevj.exe
- Loads dropped DLL (2 IoCs)
  Processes: PID 1640 78743c3f85b3485ec2a49a07529bc760N.exe (two entries)
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Processes: 78743c3f85b3485ec2a49a07529bc760N.exe opened key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes: PID 1640 (78743c3f85b3485ec2a49a07529bc760N.exe) wrote to memory of PID 1880 (fuevj.exe); four identical entries
Processes
- C:\Users\Admin\AppData\Local\Temp\78743c3f85b3485ec2a49a07529bc760N.exe (PID 1640)
  Command line: "C:\Users\Admin\AppData\Local\Temp\78743c3f85b3485ec2a49a07529bc760N.exe"
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Users\Admin\AppData\Local\Temp\fuevj.exe (PID 1880)
    Command line: "C:\Users\Admin\AppData\Local\Temp\fuevj.exe"
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 512B
  MD5: 4576b45dbc7263392889a9f595148277
  SHA1: b0f22ac4707bafb43a7bccdb5ce31c5a5a8b6b63
  SHA256: 8924c7694f4f23a6b9a97ce46fddc6f1b98a8c12d9c7c2a4bd86291153523b0f
  SHA512: f520fb45beb4e6d82f8348056f26c9cc72b2af62ac4ef4cf12dc1060c9d9d97d80c66d2459a7454e3033b9dfe1ce5eeee7624f21c3255d429a29db35d55b8c38
- Filesize: 370KB
  MD5: ebfdecdb79e55cf7850ae1e46487ef06
  SHA1: 8da71d52c9497f7d3c7019753e64965edcf72715
  SHA256: a32b773d819f91a580bba13a6d7149dfef61b78da427a51429357aa1bb9bf9ff
  SHA512: 297b5c966cc2387c615d833120b314e8f08f501863411ba4d66cd0c9e0400b9dea436252d66e64782d99aeb2e7ccee5072acbe3e079d5912e17d7720a6d93d00