Overview

overview

7

Static

static

3

d484c3668f...98.exe

windows7-x64

7

d484c3668f...98.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    09/08/2024, 14:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d484c3668f3c95291a6790a41043d5b75792b815164fd76a6635b312a991a998.exe

  • Size

    1.7MB

  • MD5

    798483d5ad5b60fc723267cb6d79595f

  • SHA1

    1c9786c0740e5ea67e06921a38583452fa90c708

  • SHA256

    d484c3668f3c95291a6790a41043d5b75792b815164fd76a6635b312a991a998

  • SHA512

    398aa230ed82ea55423a9518bb392d0a05305cff97a49e676d76e5b4c207138a975d50272de82c69a31071f8cc11b62cdeda21bdd36a0de474186bd28c04f878

  • SSDEEP

    24576:HawwKusHwEwSDMn6ididUSeMITCqgcfyr4Py6K22i+i8rtVs1ZY7jQY716:XwREDDMkdHeMxWrP+beY7UY716

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d484c3668f3c95291a6790a41043d5b75792b815164fd76a6635b312a991a998.exe
    "C:\Users\Admin\AppData\Local\Temp\d484c3668f3c95291a6790a41043d5b75792b815164fd76a6635b312a991a998.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Users\Admin\AppData\Local\Temp\is-V4N00.tmp\d484c3668f3c95291a6790a41043d5b75792b815164fd76a6635b312a991a998.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-V4N00.tmp\d484c3668f3c95291a6790a41043d5b75792b815164fd76a6635b312a991a998.tmp" /SL5="$5014E,875174,845824,C:\Users\Admin\AppData\Local\Temp\d484c3668f3c95291a6790a41043d5b75792b815164fd76a6635b312a991a998.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2228

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-V4N00.tmp\d484c3668f3c95291a6790a41043d5b75792b815164fd76a6635b312a991a998.tmp
    Filesize

    3.2MB

    MD5

    a3bd69de7b79413f283c2279cbc92ae6

    SHA1

    21c0b247b9cf3ad3356fdeba071a686452118954

    SHA256

    c0e92498b914208d7e6631b682a27eebf0a522946df2bcfdbf1d68746d88d3a7

    SHA512

    930aa6ae71dfdbdb4918eb272975261339c1011c569a414f5a8e6e70230d9001c45435e02bc7ca67b97634f392e70c17e51c4d67f0baa942ec164c19f6e61288

    Download Submit

  • memory/2228-8-0x0000000000450000-0x0000000000451000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2228-11-0x0000000000090000-0x00000000003D3000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2228-14-0x0000000000450000-0x0000000000451000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2292-1-0x0000000001020000-0x00000000010FC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2292-2-0x0000000001021000-0x00000000010C9000-memory.dmp

    Filesize

    672KB

    Download

  • memory/2292-10-0x0000000001020000-0x00000000010FC000-memory.dmp

    Filesize

    880KB

    Download