Overview

overview

10

Static

static

3

746a519f3c...ef.exe

windows7-x64

10

746a519f3c...ef.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/08/2024, 23:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    746a519f3c5f3bbaac67a763b7a917b9d7af8094a321a852b5cbfbd5ad09eaef.exe

  • Size

    928KB

  • MD5

    84837299bbcd8ce45b606a1f9d33f798

  • SHA1

    65b7024c060432e5eadefe4ee0ed328a93561d03

  • SHA256

    746a519f3c5f3bbaac67a763b7a917b9d7af8094a321a852b5cbfbd5ad09eaef

  • SHA512

    27404b8bcf614bc219b529eb2cf65a50bd829af675db933752687fdb0b1cc75f848ae4f9be60416cd5073f532a4dc5fbf01b386e245d36efa2d87e70606e1289

  • SSDEEP

    24576:V1bSl988U7BwSGh3+PH6HQfDMs6myLuQtgbf1AGa:V8fyGhOSwfDMsILuf1Pa

Score
10/10
discoverypersistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\746a519f3c5f3bbaac67a763b7a917b9d7af8094a321a852b5cbfbd5ad09eaef.exe
    "C:\Users\Admin\AppData\Local\Temp\746a519f3c5f3bbaac67a763b7a917b9d7af8094a321a852b5cbfbd5ad09eaef.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    PID:4812

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\xdccPrograms\7zFM.exe
    Filesize

    930KB

    MD5

    9aed825a33498358e426ab5d5c73f866

    SHA1

    1d28be3c40fa0a85ad8b642e21b953b5158e174a

    SHA256

    6da53eb23eb34fe347f29840c6ecd5bd66d268923644273fad2ba9adf864a842

    SHA512

    ecd8fb28a49bc413c926391b061dd3aed4b47303f46285fbd62147b50ccfac776b1ca72f64a990ccd5b496e68511a4edaf30d3abb1402e95a3a55641c59284e1

    Download Submit

  • memory/4812-19-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4812-20-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4812-21-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4812-22-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4812-23-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4812-24-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4812-25-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4812-26-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4812-29-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4812-30-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4812-90-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4812-91-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4812-92-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4812-93-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download