27604590f75bcb6070c9f3cb0c87adc1af040a4408539cb15400a7229c63b389

Analysis

max time kernel
25s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/08/2024, 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

inject_execute.exe
Size

698KB
MD5

97f36ddb64ba225b62cba327f407fdc3
SHA1

87de934ad8c83ceba3271393f7f0992bfc4814fe
SHA256

27604590f75bcb6070c9f3cb0c87adc1af040a4408539cb15400a7229c63b389
SHA512

95f8b646e05d28487e76a24b6c743ecb076d4e01c2c1f34ee5eaae0ba1c82bbdf7d2b1f027f31897ca975dc1d4d81fb43f29f3224d04eebf03b32f2f9552c08a
SSDEEP

12288:dVSeyIfxkt4MkZw9LuzU4ANuB4Ge5Qw0tTe75ZCkIfbStxba1aIsMHfYG/mK82tt:dVytmZWLuzTKC4X30omI

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2932	inject_execute.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	inject_execute.exe

C:\Users\Admin\AppData\Local\Temp\inject_execute.exe
"C:\Users\Admin\AppData\Local\Temp\inject_execute.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Roaming\d3d9x.dll

Filesize
709KB

MD5
83207d65de7bf0d7ad28449ebede5741

SHA1
bd144b369317842ace03358a6cb1f42f1c70f826

SHA256
60818a3c27bfc7fe3fa7ed5f2104f697fb3b7a6ef09dcfa56dc0b89045e74c17

SHA512
9b42f34a1b228f5a433c7769a6c4bf05779a154ff9392ccc00894717e6889bf187bcf7985e1105ed16396ba0e7b62e1f18d100d0b420229666c45b373d0e1a29

Download Submit
memory/2932-0-0x00000000749EE000-0x00000000749EF000-memory.dmp

Filesize
4KB

Download
memory/2932-1-0x0000000000D80000-0x0000000000E34000-memory.dmp

Filesize
720KB

Download
memory/2932-6-0x0000000075740000-0x0000000075801000-memory.dmp

Filesize
772KB

Download