Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
02/08/2024, 02:53
General
-
Target
7e1183c77cf73b9a53bd3484384d06c6.exe
-
Size
456KB
-
MD5
7e1183c77cf73b9a53bd3484384d06c6
-
SHA1
4d8d15ed4d10fc407235194e68f9a5a0211168f9
-
SHA256
299da039255bd2b4633cfbd08ea9360b8809adb29dc154f69027889d2f582d50
-
SHA512
faa103d221849a81b8818cba49efa0da7c5645e3cef804514c867822a7cd3a08ec553c15993c418016fbf239221776bf74d12e12b8cb01f2d49078458b7dbd2f
-
SSDEEP
6144:9J19q+R5wlde/s26vn+kYOfH9y5/iGjls99CP/PG0psT2vACiyEGT41UlbF1g/MV:9n9qcs29y9caG56uSytHTyUhF
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7e1183c77cf73b9a53bd3484384d06c6.exe"C:\Users\Admin\AppData\Local\Temp\7e1183c77cf73b9a53bd3484384d06c6.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\gC01831AhOpH01831\gC01831AhOpH01831.exe"C:\ProgramData\gC01831AhOpH01831\gC01831AhOpH01831.exe" "C:\Users\Admin\AppData\Local\Temp\7e1183c77cf73b9a53bd3484384d06c6.exe"2⤵
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192B
MD55604b787807f0118ecb45932dee18966
SHA1d81e34d89476532ba8d88bd6c9b9907bef2fba57
SHA25638e59daf2c57e4e06335522c92dcac31cc5e19cdd6489d83b47508496b5708d5
SHA5122473d96889dc7e0616676e95c4cd6a68353a89c9cbf0ea4a264ea09580a8ca283a2d358fee166c2a362a41447fb32d201bd8ccad29ac4c241ba775c1e5241383
-
Filesize
456KB
MD5619f231fbbbbf4ee806155d1543d81b5
SHA131f1745d71d7a3dc509aac5708f279e1f224da98
SHA256dbb2f9189d4a3d418a56a94a69d3637ecda31d732d6f74a83f82eea2ca0c0cc9
SHA5121777357c55d78d08e223795e0a5d4d5c67b016c451f400c7a07904f862483f79858cfee385b5f05da7f42cdcbdc396cc34e5ac3b414ce454e17b280d1177a16b
-
Filesize
772KB
-
Filesize
772KB
-
Filesize
764KB
-
Filesize
772KB
-
Filesize
772KB
-
Filesize
764KB