6d78e38d4be42961f320591ad39d48d04a50e518fa94a9019a9cf77f1eb1b2db

Analysis

max time kernel
119s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-08-2024 06:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6120ee19b83bad670d452fa60cd9c860N.exe
Size

404KB
MD5

6120ee19b83bad670d452fa60cd9c860
SHA1

02cfe3deea875012b2e9aa242fada183595c7e1b
SHA256

6d78e38d4be42961f320591ad39d48d04a50e518fa94a9019a9cf77f1eb1b2db
SHA512

53f348253d769b69a77d345810daf36555e5b1bed0c8c4f127b8b10b0bf97ccdc88bf1ca1b9f6badd96b42ce970058db4976d6efa97cc071a74ef2a395b26d01
SSDEEP

6144:4jlYKRF/LReWAsUysPO5xKM58f31SK0zxHX2BFD7TzoyCUMR1Pj6XQld:4jauDReWKgxKM5K31IxHmlPlMRt++d

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3872	dsajs.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System = "C:\\ProgramData\\dsajs.exe"	dsajs.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6120ee19b83bad670d452fa60cd9c860N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dsajs.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 3872	2320	6120ee19b83bad670d452fa60cd9c860N.exe	85
PID 2320 wrote to memory of 3872	2320	6120ee19b83bad670d452fa60cd9c860N.exe	85
PID 2320 wrote to memory of 3872	2320	6120ee19b83bad670d452fa60cd9c860N.exe	85

C:\Users\Admin\AppData\Local\Temp\6120ee19b83bad670d452fa60cd9c860N.exe
"C:\Users\Admin\AppData\Local\Temp\6120ee19b83bad670d452fa60cd9c860N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2320
- C:\ProgramData\dsajs.exe
  "C:\ProgramData\dsajs.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:3872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Documents and Settings .exe

Filesize
404KB

MD5
f85a86cb31063168e9f66b44202a5ff7

SHA1
0775f779348d658e031c5d204c2e5cf305b8efd5

SHA256
3e8132b276fc0a658dd2421b22f76b2bca1ea61c64fdb9c713d97e3912d9bc93

SHA512
3157ba36626fd5b1082fba8bbc6e894dfce1f2b12cf0384fd9bfec2527313c1a29e56ec5f7295bf23d85236ba472cbfc02c4935787d69ff7594f7c4ded677757

Download Submit
C:\ProgramData\Saaaalamm\Mira.h

Filesize
136KB

MD5
cb4c442a26bb46671c638c794bf535af

SHA1
8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

SHA256
f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

SHA512
074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

Download Submit
C:\ProgramData\dsajs.exe

Filesize
267KB

MD5
f183bb6d5299caa04f3831da2a299a0d

SHA1
4be6b2b05aa19ab722d872f528068d5c5ebfc97f

SHA256
24ef820e02d8b3e67b5feb074272e43670598bb5257b6ab0377e72b36f3b68ce

SHA512
532af72fdfa4816ad5b1818aa2dc601ab465bd94c4cb2933d4a548f5af18740b7f3a12aef36b81ea52cada4d2f21b0de5dd0e8a2061796d7f163722fc136ea89

Download Submit
memory/2320-0-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/2320-1-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/2320-8-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/3872-130-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads