43c95128b202671f60aee4ca59bb59fc1109c6468e5f4c6bca56813eb52fe39c

Analysis

max time kernel
119s
max time network
96s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
08/08/2024, 11:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sigma.exe
Size

15KB
MD5

e630fcc32a0cc9fecc24efaea301ff41
SHA1

5597f906aa8f67e4b3ca5d1dd1d04d9fbe10ed63
SHA256

43c95128b202671f60aee4ca59bb59fc1109c6468e5f4c6bca56813eb52fe39c
SHA512

58b49c1ba20acc1d2e050e1cde719171ea1afe74552aab1b9b09cd7e415f86d2fe996151a3276c98928fe28f1955cce1c5bcb390ed611360feb519e21b674ac1
SSDEEP

384:JSl8HqQPO3Me7GBX3lMKnmdhEFN0RVPbO:seK0Oce7ClqEwRs

Score

3^/10

discovery

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4740	464	WerFault.exe	77

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sigma.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3960	MiniSearchHost.exe

C:\Users\Admin\AppData\Local\Temp\sigma.exe
"C:\Users\Admin\AppData\Local\Temp\sigma.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:464
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 464 -s 1044
  2⤵
  - Program crash
  PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 464 -ip 464
1⤵
PID:4816

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:224

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
cd6829f53a60318a54648f4ff9d694c2

SHA1
eda672c23f219a9cdbe740079412f5fbe04a157d

SHA256
5410184dfd5ef071de14c78cc7e9488049a85e313a3454250d53e974251ac906

SHA512
25a54ac013419868211b704a9b1f4cbc7c0a5b1a0e10cec09cd8eee3fbde7497e36c8e35f0506622eb9a47939c2c6b9590bf9bbf8d43508be13d7f85f7838ec9

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
bf9d506bc3ef115492702ab73476920b

SHA1
b5eef4d22ed88d8da0ffcf0b71ab6533378b6a4f

SHA256
76203097befb1239bd25e5a1d492a209cc461b5db423230937609ce84209cb0b

SHA512
1e77b56c16a0022818c24bdbe2448d98dfc3b87e8e9d6a5a3055a76543846dc28ae4e5a63e393ef853c032450d9963f7cd50eb6fe54e7aaa462dd14e3c12c9ee

Download Submit
C:\Users\Admin\Desktop\AssertShow.tiff

Filesize
112KB

MD5
442dab11149b36913de5ab7669b0a8b0

SHA1
5955138f8c02c90ce3225b508e8a07c085483c5b

SHA256
437bf33731088776b9f89ac48f413f5a2b457be671a3bdee9641c18ad44f4493

SHA512
b0f69335e1b7be8c9ec38e8fa33ca6eaec1c41d67f94450b3416269a9fea596a409250683c5195d720224286efcb501a8321f53a05a3ae72b80c46796ca460fd

Download Submit
memory/464-0-0x0000000074D5E000-0x0000000074D5F000-memory.dmp

Filesize
4KB

Download
memory/464-1-0x0000000000150000-0x000000000015A000-memory.dmp

Filesize
40KB

Download
memory/464-2-0x0000000005220000-0x00000000057C6000-memory.dmp

Filesize
5.6MB

Download
memory/464-3-0x0000000004C70000-0x0000000004D02000-memory.dmp

Filesize
584KB

Download
memory/464-5-0x0000000074D50000-0x0000000075501000-memory.dmp

Filesize
7.7MB

Download
memory/464-6-0x0000000074D50000-0x0000000075501000-memory.dmp

Filesize
7.7MB

Download