Analysis
- max time kernel: 92s
- max time network: 93s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04-08-2024 16:14
Behavioral task: behavioral1
- Sample: c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
- Resource: win10v2004-20240802-en
Behavioral task: behavioral2
- Sample: c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
- Resource: win11-20240802-en
General
- Target: c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
- Size: 5.9MB
- MD5: 96ec8798bba011d5be952e0e6398795d
- SHA1: af7c73c47c62d70c546b62c8e1cc707841ec10e3
- SHA256: c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37
- SHA512: d002de37edd3df2f6751af06f7b25a2500b970eeb078e174bca8535624cfea6293636a11f4ee5c446383985b4099bebfbfb6f34b333ff5949e0df51f2edfc906
- SSDEEP: 98304:gP9cgRyyVyGHAeBSut+aFNnLlPLeqNZ8hY/1KbxabdDk1duupRWQgWseI9eIfbkr:C9hlX+aFFLlPKQ8hY/DkWWst9e4ge+
Malware Config
Signatures
- Loads dropped DLL (17 IoCs)
  Processes:
  pid   process
  1240  c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe  (17 identical entries)
- System Location Discovery: System Language Discovery (1 TTPs, 2 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Processes:
  description  ioc                                                          process
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                       pid   process                                                                  target process
  PID 1576 wrote to memory of 1240  1576  c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe  c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe  (3 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe"
  PID: 1576
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe (child process)
    Command line: "C:\Users\Admin\AppData\Local\Temp\c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe"
    PID: 1240
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads