Overview

overview

7

Static

static

3

869a7baecf...0N.exe

windows7-x64

7

869a7baecf...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    02-08-2024 09:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    869a7baecf786015308c2e90a4a05ed0N.exe

  • Size

    57KB

  • MD5

    869a7baecf786015308c2e90a4a05ed0

  • SHA1

    15c416336841a1132716e00165a7db83c2ebfff3

  • SHA256

    219237062e0b85de238747bd0ecb3d925560b1ddc55e239084084c6b690bc356

  • SHA512

    49895835ac405adcecb05191a896f417d689d289aa9b6efc1e1226b9a9f3a0c2c76a28d0594d36c4a3b144789707f5cd61eee6f2701de6d7677142126b26bcc4

  • SSDEEP

    768:MApQr0DWvdFJI34HGxusOy9Rp1pLeAxoeC48PqK1OtaP6cCFzENREMZ7vVb:MAaJJlTsh7pWezEPJB+ON

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\869a7baecf786015308c2e90a4a05ed0N.exe
    "C:\Users\Admin\AppData\Local\Temp\869a7baecf786015308c2e90a4a05ed0N.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\windows\SysWOW64\sal.exe
      "C:\windows\system32\sal.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2192

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\sal.exe
    Filesize

    57KB

    MD5

    25a6186861fbefa67b5d7ad86bc7b5df

    SHA1

    38ac8beae68f13562a5186f247a34699f5580614

    SHA256

    09d741ca443e4b4394a26559df5049fef51eb9ff704832913cefe1c3046e7a08

    SHA512

    ffc5aceb47060037b21a4b8c91b670f8c519a5d59bfe18df6f17df779bd0ab8ea03cd0b8387f2ca3fb75bf8b82d36a677254bfb56c2797cf67f3519186abd14b

    Download Submit

  • memory/2192-11-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2228-1-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download