Overview

overview

10

Static

static

3

430f9f9361...0N.exe

windows7-x64

10

430f9f9361...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/08/2024, 02:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    430f9f9361cb04db55d14de9cdc19cd0N.exe

  • Size

    648KB

  • MD5

    430f9f9361cb04db55d14de9cdc19cd0

  • SHA1

    2b992bfb8c6638067f08868588445198c9dccdfd

  • SHA256

    ed8c50a22892588310327a8e2ce6f1e20e22626677f912acd25a57dedf1e0015

  • SHA512

    281d8f74b8b64f103787bc609cecd8e8c347ba24077197c012a148919025d5f98b1fe98500a419470d3031e0fec4884499bee8f0eac675d3a09893c8663acc22

  • SSDEEP

    12288:V1b8l0HApIkopKv35U1BlCblRXpv+UhUNyn2KWtqxsgx9w1bfuVM8y3KmodAc375:V1b8eHAuY35U1Op9HZ2M+gkjgNyKmodX

Score
10/10
discoverypersistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\430f9f9361cb04db55d14de9cdc19cd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\430f9f9361cb04db55d14de9cdc19cd0N.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    PID:436

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\DC++ Share\java-rmi.exe
          Filesize

          62KB

          MD5

          57ba4103e5d4a0ef3d23ab20cb1a1d80

          SHA1

          3522d98098050dc901d94727465cc6bac366e1f4

          SHA256

          a355d9a8aee087169571326db7e14668e17fe2739261b2fab56c778e34ac4d95

          SHA512

          43d10b3915351d1bee259874b4ac8c5c33c8fb378bd4d3d24efef6d6012ef9e3af0af3440418ad55f14689fb3ebc93a58c27c84c0bdcac7df0649f30b9605267

          Download Submit

        • C:\Windows\SysWOW64\xdccPrograms\7zFM.exe
          Filesize

          930KB

          MD5

          7de6f110ed1ef083b3a2ffabd57512be

          SHA1

          237af32de7496e3f1599da8e7cd7ef47b0f7b8fa

          SHA256

          42e70b24b7ecfc4f43b34e6b8de2234c4e3ce4070b5f26515f9d3aae49b85cb7

          SHA512

          828d4b4127ee37d9e116926d5cc10164e50c89af4e0dad877cb8d34397890f5db69d6e9e0af942f40f2b182aab56ffb42998586debaa2c0c050198fe3322a25d

          Download Submit

        • memory/436-101-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/436-98-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/436-99-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/436-100-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/436-39-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/436-102-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/436-103-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/436-104-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/436-105-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/436-106-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/436-107-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download