Analysis

  • max time kernel
    38s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    07-08-2024 04:03

General

  • Target

    5f3d5f8eae7c4bafe2f1e0ca83edf2e0N.exe

  • Size

    281KB

  • MD5

    5f3d5f8eae7c4bafe2f1e0ca83edf2e0

  • SHA1

    c4bee44faaa77967652f34304091e9ea2418320b

  • SHA256

    ceac954cc8a5912ee568c933fdf0c862abfa80a0638a6f1541ac3c4b691f8e92

  • SHA512

    d485c791d0f6342acc8222581230877131183a6a069f2a66081f433fdcab7ca1906d7c52a8f7f1957f09a4b6eadf3efe18474cbe46b1e7b5ddf7ea99ee4ea301

  • SSDEEP

    6144:boy5p178U0MURaGyNXYWQzHazRfXrwSRnWwhrQ66fKkfm:boSeGUA5YZazpXUmZhZ6S7

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f3d5f8eae7c4bafe2f1e0ca83edf2e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5f3d5f8eae7c4bafe2f1e0ca83edf2e0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2120
    • C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe
      "C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2740
      • C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe
        "C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"
        3⤵
          PID:2704

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe

      Filesize

      281KB

      MD5

      c209ad5dad2822f3f41d367ffbab4e0d

      SHA1

      878d9d369573ee1138822c39fe506a74ea516bdc

      SHA256

      84637f5204cbce8453fe51488103858b29be31628658272f74c3e2b24955d3c2

      SHA512

      6ed75185c32633333a198dcf61bd42bf1420e09c9af7f02f0651f0c448662845db6145cc0a2a7c1b5790518dcbdcbb5680a7b3e98f9ee16bb83729e7710dac68

    • memory/2120-0-0x0000000074ED1000-0x0000000074ED2000-memory.dmp

      Filesize

      4KB

    • memory/2120-1-0x0000000074ED0000-0x000000007547B000-memory.dmp

      Filesize

      5.7MB

    • memory/2120-2-0x0000000074ED0000-0x000000007547B000-memory.dmp

      Filesize

      5.7MB

    • memory/2120-3-0x0000000074ED0000-0x000000007547B000-memory.dmp

      Filesize

      5.7MB

    • memory/2120-12-0x0000000074ED0000-0x000000007547B000-memory.dmp

      Filesize

      5.7MB

    • memory/2740-13-0x0000000074ED0000-0x000000007547B000-memory.dmp

      Filesize

      5.7MB

    • memory/2740-14-0x0000000074ED0000-0x000000007547B000-memory.dmp

      Filesize

      5.7MB

    • memory/2740-15-0x0000000074ED0000-0x000000007547B000-memory.dmp

      Filesize

      5.7MB

    • memory/2740-16-0x0000000074ED0000-0x000000007547B000-memory.dmp

      Filesize

      5.7MB

    • memory/2740-18-0x0000000074ED0000-0x000000007547B000-memory.dmp

      Filesize

      5.7MB

    • memory/2740-19-0x0000000074ED0000-0x000000007547B000-memory.dmp

      Filesize

      5.7MB