Overview

overview

7

Static

static

3

e21ee8365e...aa.exe

windows7-x64

7

e21ee8365e...aa.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09/08/2024, 03:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e21ee8365e87be0ff7256db82599dd7e4b1edafa49ff9780a07377d2d9ad94aa.exe

  • Size

    395KB

  • MD5

    24ac96b09cb9256bc14dc129d39d2207

  • SHA1

    0a8c1ffddde8e3594d593c3ac373a8b767e10467

  • SHA256

    e21ee8365e87be0ff7256db82599dd7e4b1edafa49ff9780a07377d2d9ad94aa

  • SHA512

    521214e48bbc05f378dd4d9afd9fd22f309c58e607cd346119337440171b79795ce041c31b2ae8d24380a9848846baa28a7741031e6f000fec172a7eb45db650

  • SSDEEP

    6144:4jlYKRF/LReWAsUyeGzYqEMZuoWUPrtJeiNYd5lr5OzRoOWX:4jauDReW4GzYqboETeXr5B

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e21ee8365e87be0ff7256db82599dd7e4b1edafa49ff9780a07377d2d9ad94aa.exe
    "C:\Users\Admin\AppData\Local\Temp\e21ee8365e87be0ff7256db82599dd7e4b1edafa49ff9780a07377d2d9ad94aa.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1824
    • C:\ProgramData\skcap.exe
      "C:\ProgramData\skcap.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Documents and Settings .exe
    Filesize

    395KB

    MD5

    11e1c15bcdc9b34cb557927751f17d31

    SHA1

    0742d1825765f83ab275fad600946645be1c6f40

    SHA256

    8721abb61cc423f26538a0f8e18dd2d4041440232a4a47e4bab5efa3fd3408a2

    SHA512

    e00c2f091c09f6bd7755e96799535c728533e08c8aa9f907bed39eb36bcf6e00c3be5dd703b6da26b51eee796846b18171ea76ffaacab7a40289426903f1cfca

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    cb4c442a26bb46671c638c794bf535af

    SHA1

    8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

    SHA256

    f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

    SHA512

    074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

    Download Submit

  • \ProgramData\skcap.exe
    Filesize

    258KB

    MD5

    1fe367a1efd27d6841e842ac240d340a

    SHA1

    999679bf5a85e50fadc7e746319d3c088b2c8f0b

    SHA256

    6ffd8d3057f55f76d0a42d335b199332e8f92e1a9afb873de02773c6dcdc8a9a

    SHA512

    1a22439075acb76b3342b2e8ffe6ff812fb00e1b62654c66c9957800455be2af909e8114092a41d2ca8e1e9e70b0d35a398005b1ceb3f94c861c16ff1eb92ebb

    Download Submit

  • memory/1824-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1824-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1824-14-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2804-137-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

  • memory/2804-1137-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download