Overview

overview

7

Static

static

3

6120ee19b8...0N.exe

windows7-x64

7

6120ee19b8...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    05-08-2024 06:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6120ee19b83bad670d452fa60cd9c860N.exe

  • Size

    404KB

  • MD5

    6120ee19b83bad670d452fa60cd9c860

  • SHA1

    02cfe3deea875012b2e9aa242fada183595c7e1b

  • SHA256

    6d78e38d4be42961f320591ad39d48d04a50e518fa94a9019a9cf77f1eb1b2db

  • SHA512

    53f348253d769b69a77d345810daf36555e5b1bed0c8c4f127b8b10b0bf97ccdc88bf1ca1b9f6badd96b42ce970058db4976d6efa97cc071a74ef2a395b26d01

  • SSDEEP

    6144:4jlYKRF/LReWAsUysPO5xKM58f31SK0zxHX2BFD7TzoyCUMR1Pj6XQld:4jauDReWKgxKM5K31IxHmlPlMRt++d

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6120ee19b83bad670d452fa60cd9c860N.exe
    "C:\Users\Admin\AppData\Local\Temp\6120ee19b83bad670d452fa60cd9c860N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1188
    • C:\ProgramData\couxuc.exe
      "C:\ProgramData\couxuc.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Documents and Settings .exe
    Filesize

    404KB

    MD5

    47141f79794befc3fcc642efc118725b

    SHA1

    5ee646761e3c2f4e70291d7508ab89bcecbd1428

    SHA256

    567c9369f6ab4ecb6a995c50161254c88c88ee13d608595ef507315880597c12

    SHA512

    4beaa1ad3391275ceab496fb5b1de782ba65da4b76c0d2f063ad1ddc320793a0b3f9b9c1c5b751f4aa354914de117aab1c542bf9059742f976d3d2ade027b605

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    cb4c442a26bb46671c638c794bf535af

    SHA1

    8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

    SHA256

    f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

    SHA512

    074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

    Download Submit

  • \ProgramData\couxuc.exe
    Filesize

    267KB

    MD5

    f183bb6d5299caa04f3831da2a299a0d

    SHA1

    4be6b2b05aa19ab722d872f528068d5c5ebfc97f

    SHA256

    24ef820e02d8b3e67b5feb074272e43670598bb5257b6ab0377e72b36f3b68ce

    SHA512

    532af72fdfa4816ad5b1818aa2dc601ab465bd94c4cb2933d4a548f5af18740b7f3a12aef36b81ea52cada4d2f21b0de5dd0e8a2061796d7f163722fc136ea89

    Download Submit

  • memory/1188-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1188-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1188-14-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2760-133-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download