Overview

overview

7

Static

static

3

d112301bf1...0N.exe

windows7-x64

7

d112301bf1...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    14-08-2024 16:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d112301bf13cbade5014316c9b328720N.exe

  • Size

    37KB

  • MD5

    d112301bf13cbade5014316c9b328720

  • SHA1

    0e7e3f07ef429493e3b6e4204e3ab7a4186be3e2

  • SHA256

    cc3da143ed6c3c177dd77e4c0c3ff2cadf684ca33287c8f6b8320c49d1aa05d0

  • SHA512

    5b74ee78a944f6e2c6165b26374be3f104b4bee69b67dc3bae3575c570bd677c111e9a0dcf19bb6b0a4f7298491027753b42c771afc9a65788b7cbee0605dc49

  • SSDEEP

    384:Uc6CNYprcSCJp6hP2zvx/P4d1Hr06eeaQQt+h64LePZpkLCK:Uc6iacSSXxXKF4WQcxL8ZKLCK

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d112301bf13cbade5014316c9b328720N.exe
    "C:\Users\Admin\AppData\Local\Temp\d112301bf13cbade5014316c9b328720N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Users\Admin\AppData\Local\Temp\kgfdfjdk.exe
      "C:\Users\Admin\AppData\Local\Temp\kgfdfjdk.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies system certificate store
      PID:1880

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\kgfdfjdk.exe
    Filesize

    37KB

    MD5

    72a1f0f2c9cadc87382e88778f077489

    SHA1

    d699edd05dd6117df41b4ce85aff83f3e73e38bc

    SHA256

    bfceea62bec43bc5214ee32522dcf1bf8089757dc6619b24f184b29b8ec394cc

    SHA512

    daa24c84e958c3a8349591df6bb3c13a1b4140a400b5500796382d4447bae980b16f51f3eb281aff71096a290ce99cb15f15c980fd80be8a216077c179545105

    Download Submit

  • memory/2524-0-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2524-9-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download