c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37

Analysis

max time kernel
147s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04-08-2024 16:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
Size

5.9MB
MD5

96ec8798bba011d5be952e0e6398795d
SHA1

af7c73c47c62d70c546b62c8e1cc707841ec10e3
SHA256

c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37
SHA512

d002de37edd3df2f6751af06f7b25a2500b970eeb078e174bca8535624cfea6293636a11f4ee5c446383985b4099bebfbfb6f34b333ff5949e0df51f2edfc906
SSDEEP

98304:gP9cgRyyVyGHAeBSut+aFNnLlPLeqNZ8hY/1KbxabdDk1duupRWQgWseI9eIfbkr:C9hlX+aFFLlPKQ8hY/DkWWst9e4ge+

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 17 IoCs

Processes:

c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe

pid	process
5648	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
5648	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
5648	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
5648	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
5648	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
5648	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
5648	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
5648	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
5648	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
5648	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
5648	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
5648	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
5648	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
5648	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
5648	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
5648	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
5648	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exec3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe

description	pid	process	target process
PID 5044 wrote to memory of 5648	5044	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
PID 5044 wrote to memory of 5648	5044	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
PID 5044 wrote to memory of 5648	5044	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe	c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe

C:\Users\Admin\AppData\Local\Temp\c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
"C:\Users\Admin\AppData\Local\Temp\c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5044

C:\Users\Admin\AppData\Local\Temp\c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe
"C:\Users\Admin\AppData\Local\Temp\c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37.exe"
2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI50442\Crypto.Util.strxor.pyd

Filesize
7KB

MD5
62dcc6b73822f5f0106aaf264baa8174

SHA1
391622c31f0c6a8399cdd31d00e35d2d35babb23

SHA256
d4e63d4a0c9243c076054861274be232adebef41533ec4cbb8a6fa833903ace3

SHA512
3fbcd2027a9327179257f28e0633ddd65657d2e6df7f6615d7752aa46bd174be9aa74aaa2c73cac6b3c488edece24685e6e02d26ad5dd4f0432d78c75152e377

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50442\_ctypes.pyd

Filesize
89KB

MD5
9e6c48ec9508423d0ce6b6e4d4a10d90

SHA1
82548d0cfcd99bc11ecee670dc0c1c9538aa6ade

SHA256
b700441351b3a24a1ec392376984d3d95a541ea548c77f0df55d7af579ea9c1a

SHA512
37fc511610e5ab06a78f276bf0f4b7335a37d40fdf0158f674ecf1b029fe3298e0667230d3f8840258b8e5413108e1e6aeaaff090b3cca6eef007ca5a1f8d926

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50442\_hashlib.pyd

Filesize
993KB

MD5
b1dbd52e5da083e5b5613a2b4c17a4ef

SHA1
0ed87f9e0b572f88e102739daab54db03fade416

SHA256
fa57bf3173f2d636984305401c06f1618b8119fea2c311d1173566ea236fa0c6

SHA512
dbe14802ff53e8fb9f35baa1c1bd0dc55c1073e0f96b59b5cc3783760e23c645cd453a39b2b4d0ab79ee871ba1cb81154a4cf5c54b67dde7ea14008d72dd2cae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50442\python27.dll

Filesize
2.5MB

MD5
f5c5c0d5d9e93d6e8cb66b825cd06230

SHA1
da7be79dd502a89cf6f23476e5f661eebd89342b

SHA256
e3eed66221a6552d4b9ae7350b3dc30de238a6029efae060514d2780c02fedb4

SHA512
8a13b15884f8450396b8f18597dfe62f0e13e7ab524d95de5b7b0497a64e52f26b22f977803280b1916fc2b45c52a92ab501a6fb8ad86970d8326be72f735279

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50442\secretsdump.exe.manifest

Filesize
1015B

MD5
f540bd09f6d6e2e79e05426d5e58c95c

SHA1
91ecc7c557b9a0882b14e8141705de08c3566489

SHA256
64015a750ea43b5c342dbe3e324dcd8877d7d87851a4820691267abab70006cf

SHA512
096e48e33a2bb0966b6103ba90f3e110be3a0a452587da62f109de8bee1dc51f1b9fc99b8be9bf4c26c7490c4ca4d203160a8ce8a0b84fed9e5235aa8d5797f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50442\select.pyd

Filesize
10KB

MD5
efb6435cb9fb6462132181738c729885

SHA1
0931e3aa2682fdf676b9b6009e8ca8f92f014e7e

SHA256
039981e17c2eb88cb2d08e50f2d323027e27683a7b3b3bc042e76fba40d34ab2

SHA512
6d7ad34390579e98cba75dfdbd3ace5af26ddf7f62675e33a29322911e94d1382ea84c8483265644866384ead64ffa55a1a0dd7c6d0787524fa972735f44f015

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50~1\Crypto.Cipher._AES.pyd

Filesize
28KB

MD5
e716a1c1e731ce965a3f03e5369de66d

SHA1
c562f138b1d12701b8f374e277a230d4febd0b82

SHA256
6a8b8b957edbe2c324146dd915231f05711db128b1291bfc7fa9c821c7881caa

SHA512
b51dc1acb52bec0de383c02c0801f7dc0586402fd4b6971a4886781d63f206faf264fcd300a5419a944ca71f5f29ccad2f6c31cccf48ec13a239bb34d6ac5570

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50~1\Crypto.Cipher._ARC4.pyd

Filesize
8KB

MD5
35cf493fa03a4b8a79666c23fea1da38

SHA1
9fb5ee963472f1d1754b6ac568574ebbc3ace8ab

SHA256
cda807a9cb5515f37b030f6ef4153b1e58b946a710af498173a756516d77a1d8

SHA512
8be08d249b18c244e789d4a3de21c4ddb1ee8e62aa75c84d0ea33afc746ec9cb7540d77c3966ca8e465ce3bec498f62c41d8034110721c764a6605dc0256febb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50~1\Crypto.Cipher._DES.pyd

Filesize
53KB

MD5
4142eb42a87310d01ed50ec82f4dffc1

SHA1
d62775001498e4298b03ef496baa8fc1b3d0fe1e

SHA256
a2bd61a869173321d34f835d409d3a5a251797bf63f531d25396778bb39454cd

SHA512
6c581f995e09d300727bab47a93142fd9ea0318d9662b316c7f486f22626155319ca7155bafdd987621a6ad1cdf5d5531eac6fb8409c4e7a039729e9935145fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50~1\Crypto.Cipher._DES3.pyd

Filesize
53KB

MD5
691dbef2850c1e375135981d718fc21b

SHA1
7ad1a49fc8088c265c937155383e938e42913366

SHA256
2792a38a1974fad445e6b7899405a5e1c13a2b1a21ef8f2f1951077659fbad89

SHA512
a354e95fe59bceb0caa9988f47c0a3330905cdbcd306ca2bc1fd937bacaaca80ea0c66d3b7bf5de2830143acba53cd218c8a274a8951f76be86075ab2156af1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50~1\Crypto.Hash._MD4.pyd

Filesize
10KB

MD5
1c303a89853532c1cdfa59cd543bbf2c

SHA1
e77a8c85d526dfac464fe2fd1d65c3b291ee09ea

SHA256
5a95d92de1e906b8e12725c0628080313e271ec6b7f29e8d14951abccfe8112c

SHA512
8adcf9eafea044113d2aeb11a9835c7dbb60f1dda55fe7f20411f85962cbdb1d4a2d6e35e54a0168d1c358419997f4c6dbbd769e9d144bd5776265969c01e213

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50~1\_socket.pyd

Filesize
45KB

MD5
600de8a82e2204e88df27714687f88b9

SHA1
dac20e0bf5482a6f09648648bc4d38562473c89e

SHA256
a24422d519e5a9283a0887d4be09be2ac89797886d8f45151cab5e9fef8db1e1

SHA512
3d82eb600bd358a019dcde1f4a337d87f29c9a22937989dddfe697c433f58ba9e4a836752998a542e7df179adafa8c89c99aa18b51b100f7a57aa5b47a456460

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50~1\_ssl.pyd

Filesize
1.3MB

MD5
9b59be1fa8427368c4e0e763f578d74c

SHA1
7287fe431a0a67aa41e9952906759746ddcffad1

SHA256
4ba198e7f53a37b3a825ff2ce4d3e6ca00ad96e62852f0127a46c57a9a4a3026

SHA512
6905c5f80ff723ff79863332dd8d20d4cbbe224d355ba9b824a6f29ead62ebec16fa96ec664bdb56a2688847881a53c34459311c156f35aa887b2a808a6e9032

Download Submit
memory/5648-45-0x0000000002CC0000-0x0000000002CD0000-memory.dmp

Filesize
64KB

Download
memory/5648-58-0x0000000002D10000-0x0000000002D20000-memory.dmp

Filesize
64KB

Download