Overview

overview

10

Static

static

3

2d527493e9...36.exe

windows7-x64

5

2d527493e9...36.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    17-08-2024 21:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d527493e95a37af81ce778bd0696292aa1e9f936cc84970c047bc868d70ea36.exe

  • Size

    1.4MB

  • MD5

    935c16b84b04d892fb5a262aff32956f

  • SHA1

    d15409dc5d816f2f7702a848dc83c6633bbd8ade

  • SHA256

    2d527493e95a37af81ce778bd0696292aa1e9f936cc84970c047bc868d70ea36

  • SHA512

    08f4482ee30a9d66c1c6969f23ce1f76f859bd75fff8e16007e602a0287d046217999bee9f045744c0aa2dcef95c868bfdc01aa79f616083e42b4e53a7bc5075

  • SSDEEP

    24576:6ZtnYUWiih89GcIB7ql5/p5QCgSFKdAHvNpDGkRlBgVOT1vbtrM9JhZ:6ZtnYUWiih84c0c+3So2PqkLBTKhZ

Score
5/10
discovery

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d527493e95a37af81ce778bd0696292aa1e9f936cc84970c047bc868d70ea36.exe
    "C:\Users\Admin\AppData\Local\Temp\2d527493e95a37af81ce778bd0696292aa1e9f936cc84970c047bc868d70ea36.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2172
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2712
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 200
        3⤵
        • Program crash
        PID:2576

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2712-9-0x0000000000400000-0x0000000000533000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2712-7-0x0000000000400000-0x0000000000533000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2712-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2712-5-0x0000000000400000-0x0000000000533000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2712-4-0x0000000000400000-0x0000000000533000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2712-3-0x0000000000400000-0x0000000000533000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2712-1-0x0000000000400000-0x0000000000533000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2712-0-0x0000000000400000-0x0000000000533000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2712-11-0x0000000000400000-0x0000000000533000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2712-2-0x0000000000400000-0x0000000000533000-memory.dmp

    Filesize

    1.2MB

    Download