Analysis

  • max time kernel
    142s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/08/2024, 20:40

General

  • Target

    32e90d530eb841ef7c59c7fdf406635e36669f1e466e5301cfac6e1647cc5a3a.exe

  • Size

    37.6MB

  • MD5

    fded804791a25af415fed0b54eac35df

  • SHA1

    d5176cf8c2f4f9c8bd47dec111d032f3d672ef7d

  • SHA256

    32e90d530eb841ef7c59c7fdf406635e36669f1e466e5301cfac6e1647cc5a3a

  • SHA512

    1a43ce7276f5d6dd02458a6b4498a67b154e5c6b2e7db8fe70e3cb0e73bf0caf28a69a5b9cbf9c358fee49a12c67b92ce7f7dd400d758b14ac4810fab8ab2bc7

  • SSDEEP

    786432:68jiTUvk/lH3enEMfb926CHPF/FBzBPjy1PtdXWtl1Xv5gSpVIbCP:FjBeFuEW9QHP9FBzB74Gtf/5gUTP

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\32e90d530eb841ef7c59c7fdf406635e36669f1e466e5301cfac6e1647cc5a3a.exe
    "C:\Users\Admin\AppData\Local\Temp\32e90d530eb841ef7c59c7fdf406635e36669f1e466e5301cfac6e1647cc5a3a.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2120
    • C:\Users\Admin\AppData\Local\Temp\is-POCJM.tmp\32e90d530eb841ef7c59c7fdf406635e36669f1e466e5301cfac6e1647cc5a3a.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-POCJM.tmp\32e90d530eb841ef7c59c7fdf406635e36669f1e466e5301cfac6e1647cc5a3a.tmp" /SL5="$3014E,38432490,797184,C:\Users\Admin\AppData\Local\Temp\32e90d530eb841ef7c59c7fdf406635e36669f1e466e5301cfac6e1647cc5a3a.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1244

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • \Users\Admin\AppData\Local\Temp\is-POCJM.tmp\32e90d530eb841ef7c59c7fdf406635e36669f1e466e5301cfac6e1647cc5a3a.tmp

          Filesize

          3.1MB

          MD5

          4f1c910d9555b14424e58b3f6280faad

          SHA1

          bab2213b4658b63272426069325b891f8cb6f29e

          SHA256

          8bc6474b17c5d84c046a0773442dc7e70b72a85597965ea160c7445eab1d5a46

          SHA512

          e3cb69d5bef914df1e1af1042d377824a8fee907d0d45eec62570ebf15ba2e3de61c3c43eb60a7d7c66cf06cdd251a0a57bdd49025bce4c1eb36387864e72d38

        • memory/1244-8-0x0000000000100000-0x0000000000101000-memory.dmp

          Filesize

          4KB

        • memory/1244-11-0x00000000009B0000-0x0000000000CE0000-memory.dmp

          Filesize

          3.2MB

        • memory/1244-14-0x0000000000100000-0x0000000000101000-memory.dmp

          Filesize

          4KB

        • memory/2120-0-0x0000000001030000-0x0000000001101000-memory.dmp

          Filesize

          836KB

        • memory/2120-2-0x0000000001031000-0x00000000010D9000-memory.dmp

          Filesize

          672KB

        • memory/2120-10-0x0000000001030000-0x0000000001101000-memory.dmp

          Filesize

          836KB