2fb6416603b08211b99eaede06d96482f92c1c1fcca0c902812cbe6b3358bd38

Resubmissions

10/08/2024, 04:25

240810-e15w4awbkj 7

10/08/2024, 04:22

240810-ezc5pawalj 7

Analysis

max time kernel
147s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
10/08/2024, 04:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

System Transparency.exe
Size

231KB
MD5

47f618f5667a37292e57bcdfb3794f19
SHA1

47fb8f3e1578075cfae8886f8c41c308bdc63f19
SHA256

ef4d34e632e48b7ab64d0fe196e36952e3c56815280940c1df01c95902b85733
SHA512

6df12f282e965a1ddae9c5ed59908b667249eae52af27fdc30fc967e9e9109c3456d46a1aea96971d0577986ccb82a78436ffdec63a3b740794dab4194d7493b
SSDEEP

6144:OZC4d3lbxc6wU/UP+XhdMRFD3LAwektNtoSk6P:34dMRU/UP4heFjLDFtNtoSP

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/5012-0-0x0000000000400000-0x0000000000480000-memory.dmp	upx
behavioral1/memory/5012-35-0x0000000000400000-0x0000000000480000-memory.dmp	upx
behavioral1/memory/5012-37-0x0000000000400000-0x0000000000480000-memory.dmp	upx
behavioral1/memory/5012-38-0x0000000000400000-0x0000000000480000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	System Transparency.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
5012	System Transparency.exe
5012	System Transparency.exe
5012	System Transparency.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
5012	System Transparency.exe
5012	System Transparency.exe
5012	System Transparency.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5012	System Transparency.exe
5012	System Transparency.exe

C:\Users\Admin\AppData\Local\Temp\System Transparency.exe
"C:\Users\Admin\AppData\Local\Temp\System Transparency.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5012

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Documents\systemtransparency.ini

Filesize
179B

MD5
b76b874bbecefedebdab5345efc3246a

SHA1
2c6928c2d5ad1307efa66a4859e2dc1f8a77599b

SHA256
927b18985e3bc7e4f64b154f8111b2496ee7b43328fd6500ec592df920bf272e

SHA512
b331203ca99fa3a9b4b9a7143b8ab8c93147477b101e9bbbbcd8a899289b2ab28eaa8ca2c2bdd66e3fe6f9cbc8db0d4d6b7b719fe6c11cf438f6143989c203bb

Download Submit
C:\Users\Admin\Documents\systemtransparency.ini

Filesize
107B

MD5
4e75a8373361fe1e39264320eb294121

SHA1
9febb3ecf33538853c22850efc40b306c0c32f2d

SHA256
9f6ad0998a6c14e55ee0c0552cfe6cc26da80736781b9fa0133c47f34fd774f7

SHA512
2a1e49c06c46a217d79e1cf01985ba6b8b1c693d2e1c03d3b23297d57ff26806a04237e6d99645db939c55801f4862b46a8511776225b11f411e41b3d661b8bc

Download Submit
memory/5012-0-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/5012-35-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/5012-37-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/5012-38-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download