1d063e084df2d2719ae2576a938bba2f66cdbbb1570cf10e9f251fa2fb6f9819

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
06-08-2024 10:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

93f302a61a72b084bc9f179bc7e83560N.exe
Size

768KB
MD5

93f302a61a72b084bc9f179bc7e83560
SHA1

87c9723bf1755b302b389679efd0c4f5e9f88985
SHA256

1d063e084df2d2719ae2576a938bba2f66cdbbb1570cf10e9f251fa2fb6f9819
SHA512

49787da3f6b71ba71a9887e4ed235bcd46881b39b268e3777a5f3a15c11cb9d03dc25bf4c83be0b56d3f1ad9bf9a1af53c3d000af19dd4c9ee4f19b882909904
SSDEEP

12288:5tF8rVehLRrMfbCAf9CAfK4AXygqfwWCAfK4AXygqfYCAfRCAT:5tGxqGfb9f99foigY79foigYY9fR9

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2220	93f302a61a72b084bc9f179bc7e83560N.exe

Executes dropped EXE 1 IoCs

pid	Process
2220	93f302a61a72b084bc9f179bc7e83560N.exe

Loads dropped DLL 1 IoCs

pid	Process
1948	93f302a61a72b084bc9f179bc7e83560N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	93f302a61a72b084bc9f179bc7e83560N.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1948	93f302a61a72b084bc9f179bc7e83560N.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2220	1948	93f302a61a72b084bc9f179bc7e83560N.exe	32
PID 1948 wrote to memory of 2220	1948	93f302a61a72b084bc9f179bc7e83560N.exe	32
PID 1948 wrote to memory of 2220	1948	93f302a61a72b084bc9f179bc7e83560N.exe	32
PID 1948 wrote to memory of 2220	1948	93f302a61a72b084bc9f179bc7e83560N.exe	32

C:\Users\Admin\AppData\Local\Temp\93f302a61a72b084bc9f179bc7e83560N.exe
"C:\Users\Admin\AppData\Local\Temp\93f302a61a72b084bc9f179bc7e83560N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Users\Admin\AppData\Local\Temp\93f302a61a72b084bc9f179bc7e83560N.exe
  C:\Users\Admin\AppData\Local\Temp\93f302a61a72b084bc9f179bc7e83560N.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\93f302a61a72b084bc9f179bc7e83560N.exe

Filesize
768KB

MD5
1903f8eeb3ff80453224abbb666a2ba6

SHA1
4a7219eaafa540944d225b2f3844a0f583d68afc

SHA256
8914f70378ce5ee8490bd75b3d3561f098dc61ea7fb2db83e6bea0c246c67c88

SHA512
878791c5db2af9af772202ca9fb80ae92219dd2ce9b3234797a0db1b2559dc79c2b678ea2043d1c1f505148d3080d471606a5288115f89d8d05731d34993a364

Download Submit
memory/1948-0-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1948-9-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2220-11-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2220-13-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download