Analysis
- max time kernel: 120s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240729-en
- resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
- submitted: 07/08/2024, 04:14
Static task: static1
Behavioral task: behavioral1
- Sample: 60e6e801300be8b2744597c9b46f92d0N.exe
- Resource: win7-20240729-en
Behavioral task: behavioral2
- Sample: 60e6e801300be8b2744597c9b46f92d0N.exe
- Resource: win10v2004-20240802-en
General
- Target: 60e6e801300be8b2744597c9b46f92d0N.exe
- Size: 29KB
- MD5: 60e6e801300be8b2744597c9b46f92d0
- SHA1: 2d7d4f0272b413cfb51505aa501e53767640a9d4
- SHA256: ba6f187d25bab435a00463bfd5bb06a1207338cee99d3c6ff06c3ae70a85b206
- SHA512: e8fe24e1d227d437591bc81ca332977f00702d2eb0e46a90ed61137259adfe4d977de8d374181dd74d01a35d77a268abb50743da55389883e199b2905800c457
- SSDEEP: 384:AGNkzd6k6qeGOIuQt50yV3GQhn93MKguGikhscLIFxJEpAI0Bnd0H:A+6lS4N3GQP3XLBgwx6pA7oH
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
PID: 1988; Process: jkgfddk.exe
- Loads dropped DLL (1 IoCs)
PID: 1740; Process: 60e6e801300be8b2744597c9b46f92d0N.exe
- Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTPs, 2 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Description: Key opened; IoC: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; Process: jkgfddk.exe
Description: Key opened; IoC: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; Process: 60e6e801300be8b2744597c9b46f92d0N.exe
- Suspicious use of UnmapMainImage (2 IoCs)
PID: 1740; Process: 60e6e801300be8b2744597c9b46f92d0N.exe
PID: 1988; Process: jkgfddk.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
Description: PID 1740 wrote to memory of 1988; PID: 1740; Process: 60e6e801300be8b2744597c9b46f92d0N.exe; procid_target: 31
Description: PID 1740 wrote to memory of 1988; PID: 1740; Process: 60e6e801300be8b2744597c9b46f92d0N.exe; procid_target: 31
Description: PID 1740 wrote to memory of 1988; PID: 1740; Process: 60e6e801300be8b2744597c9b46f92d0N.exe; procid_target: 31
Description: PID 1740 wrote to memory of 1988; PID: 1740; Process: 60e6e801300be8b2744597c9b46f92d0N.exe; procid_target: 31
Processes
- C:\Users\Admin\AppData\Local\Temp\60e6e801300be8b2744597c9b46f92d0N.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\60e6e801300be8b2744597c9b46f92d0N.exe"
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID: 1740
  - C:\Users\Admin\AppData\Local\Temp\jkgfddk.exe (depth 2, child of PID 1740)
    Command line: "C:\Users\Admin\AppData\Local\Temp\jkgfddk.exe"
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of UnmapMainImage
    PID: 1988
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 29KB
- MD5: 9ebc7e0caab09d69a07a69cf14d39578
- SHA1: 27a25e17d6d36712fcf4b305606f1f2c46019b9e
- SHA256: 6b4ef7d82479c8ed4788ae2fa6dd5a576e332f60d48f99d11f144d37b5647114
- SHA512: 54b1ab97c77b3e29dbdacbbc5c5fce627fcc88c3e1a50c41ef32b1d33cae72d9eafded767146ecdd5576967684cdf0828a2c1d67877350b7b4d34df4461bec67