Analysis
-
max time kernel
149s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06/08/2024, 01:22
General
-
Target
1ec56aff8af5d693a9821853d11459be7733aac08e9cc68ffd096dd0d757e47c.exe
-
Size
535KB
-
MD5
8a8a6f83d73a180c15453902aeede774
-
SHA1
aa1b5e5b42d39c75c835f29b57e9a1a95c52dc2c
-
SHA256
1ec56aff8af5d693a9821853d11459be7733aac08e9cc68ffd096dd0d757e47c
-
SHA512
9166f2ebee3056ab19023faef05eb3b1c719d57123c4aad97b196dd489a16d60408a1ce2c3fc35155341eb6ccad89906806be694c9478abd991712e644122240
-
SSDEEP
12288:N3IwhAlD0vQhjIhzJEUt6nhAwZ/1vbXFg3zULh5a9NDc:N3Iwh+dlI1JP6hZMq5a91
Malware Config
Signatures
-
Executes dropped EXE 4 IoCs
-
Drops file in Windows directory 5 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1ec56aff8af5d693a9821853d11459be7733aac08e9cc68ffd096dd0d757e47c.exe"C:\Users\Admin\AppData\Local\Temp\1ec56aff8af5d693a9821853d11459be7733aac08e9cc68ffd096dd0d757e47c.exe"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\aqinopltwralffd\pno3z9bycbrexmptrsty.exe"C:\aqinopltwralffd\pno3z9bycbrexmptrsty.exe"2⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\aqinopltwralffd\btjppay.exe"C:\aqinopltwralffd\btjppay.exe"3⤵
- Executes dropped EXE
- Drops file in Windows directory
-
-
-
C:\aqinopltwralffd\btjppay.exeC:\aqinopltwralffd\btjppay.exe1⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\aqinopltwralffd\dzgmxfuszjfn.exeqijnxwqtmozv "c:\aqinopltwralffd\btjppay.exe"2⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
535KB
MD58a8a6f83d73a180c15453902aeede774
SHA1aa1b5e5b42d39c75c835f29b57e9a1a95c52dc2c
SHA2561ec56aff8af5d693a9821853d11459be7733aac08e9cc68ffd096dd0d757e47c
SHA5129166f2ebee3056ab19023faef05eb3b1c719d57123c4aad97b196dd489a16d60408a1ce2c3fc35155341eb6ccad89906806be694c9478abd991712e644122240
-
Filesize
4B
MD5c9ff5de30d92bbaebe199a23cd75a634
SHA177da9518197fd8f44ca455de09ac67801e9adff6
SHA256baa5deda68890001e96c011c76c9387db261b0e5d753da54046fe2e82b1a7b8a
SHA512defaf3e46914adf05ce388718e8d4f31b0e7eb33527e04c1eba3eeec650a32d95816c8169f1d3b965cf9611ae7a4fd2b632cad4c135606e3bedfdf193b744a8e
-
Filesize
8B
MD582e5be2a9009a0d49642f78c824d38b6
SHA101b5462fb3d9983c4fcd652d6d459d48a6419deb
SHA256d7a8386c38f093d2ba2ebc1429e074c2a4cabc520f09fe524f3a70aa4d64ce29
SHA5125d3c3a8d4892011ac28ed944665625a3ee266fea0f87acb187f465bfb15dbe926f2a92e49bcd302f4693ba6981abb5fe66a0472f3dab3aa1a3d90e2218b598db