Overview

overview

7

Static

static

3

6f289253d4...5a.exe

windows7-x64

7

6f289253d4...5a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/08/2024, 00:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6f289253d4adb92d784b4704bc1dc7314c9df72d47445b687f1cf889658ea55a.exe

  • Size

    624KB

  • MD5

    81e2b22d58f6ee8cfeec87824c722f55

  • SHA1

    b2af8ce22e8b11e79b5a518cda61a50036cd8175

  • SHA256

    6f289253d4adb92d784b4704bc1dc7314c9df72d47445b687f1cf889658ea55a

  • SHA512

    d51cd9d51eac39710d992efdfb027fe68b027cebf255ffa82df95d3a87b2aa121ee04ca059eb5e4ac1df7ef02b328f0e4e68476bdc64a17cfefb59e35f2cfc18

  • SSDEEP

    12288:P1/aGLDCMNpNAkoSzZWD8ayX2MQCw7D0tmJTN2msCQhrWvZ+tVMy1d7Jb:P1/aGLDCM4D8ayGMwJTNa0vZ3yb7B

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6f289253d4adb92d784b4704bc1dc7314c9df72d47445b687f1cf889658ea55a.exe
    "C:\Users\Admin\AppData\Local\Temp\6f289253d4adb92d784b4704bc1dc7314c9df72d47445b687f1cf889658ea55a.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3648
    • C:\ProgramData\qlqlp.exe
      "C:\ProgramData\qlqlp.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2380

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\DDF.sys .exe
          Filesize

          624KB

          MD5

          2c574ee6ce93b3e89f52606be05fb682

          SHA1

          d49e114d9bdfacd23b96958619924bb14f83fec8

          SHA256

          c42cf89d15889649a5733af9c58ae89125b9789f92c88903cd0784098ce71bdb

          SHA512

          b8faf9831bff3938b2e235157c53194fecad7daa1c52b2663116b7c158a59f49878061b8fd810c896c3907246908b0e9b554e75ef18695571c7d390a35582406

          Download Submit

        • C:\ProgramData\Saaaalamm\Mira.h
          Filesize

          255KB

          MD5

          3b199066399b355a1567696853b81067

          SHA1

          fc6141e5285acc40a362420ee5779b90b16aea64

          SHA256

          b79fa16bcf19176850f07c841a98aefb3f149bf9004dcd70f71fdc980e3fec1d

          SHA512

          48d87eed230ab65fdd4e00e528ca334123d1fd41a315b3428dbad35158083057bd92a091fdf77982a756851ac22fb8f18e7edcaf0e7625c938a2412ac5e24198

          Download Submit

        • C:\ProgramData\qlqlp.exe
          Filesize

          369KB

          MD5

          fe43c41e0079604b5e86102d8166d17f

          SHA1

          e27c651356342b994d2eff2ae7b2ea488998d33d

          SHA256

          d2cb2a5ada33d7ab4c1821ff59898f10a27d623e3b08c709164589d4626e9879

          SHA512

          c2636dfe6854080c0ea116566016f4cc351003a3093525c9e5fcb047fa042cfb9065d024623aa7aaf1520744e5761993c5d68634876bf15bcabca3c6d62cf6df

          Download Submit

        • memory/2380-132-0x0000000000400000-0x0000000000448000-memory.dmp

          Filesize

          288KB

          Download

        • memory/3648-0-0x0000000000400000-0x000000000044F000-memory.dmp

          Filesize

          316KB

          Download

        • memory/3648-9-0x0000000000400000-0x000000000044F000-memory.dmp

          Filesize

          316KB

          Download