80aefd84c1adac1ff073f07ce361165a2085bdd7760cad4da19fa14c4e729294

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

no$crypter.exe
Size

995KB
MD5

5d051c389e7082d38e95081f8852e4bd
SHA1

7cb6c1bf819eb15ab6237281c3777452bfabdb63
SHA256

80aefd84c1adac1ff073f07ce361165a2085bdd7760cad4da19fa14c4e729294
SHA512

7f4eea7d2023d933b0085472f2e012bcf9c115f189b4a604b20523834ce10fcb096aff1bd199b9de6b69f7a9213ac6a8b4d9afb8997bcaf8e02350804cb498b2
SSDEEP

12288:fc05vPSEtIdpaf4u9jEwjibu8kCKiuUC:fc05HSEtIdgfZjL0u8kCKiuUC

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	no$crypter.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	no$crypter.exe

C:\Users\Admin\AppData\Local\Temp\no$crypter.exe
"C:\Users\Admin\AppData\Local\Temp\no$crypter.exe"
1⤵
- Drops file in Drivers directory
- System Location Discovery: System Language Discovery
PID:1164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
c4f92d48134e9f4e2db1ac6df8cdc459

SHA1
cad49b3bbeac81f3f414927c1f956074091eeb4b

SHA256
f25890b940612d8301762e1c25f67878a141947eb500ce7a17fbc24fc647e13d

SHA512
248da680bd39b73f10b97fcb489432c2c4783f616c5abe29c7da357e01df8d9b05085a13febc6eeff5e8adf56c7de48ae0320740d40cd95227427ad7638d17f7

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
349d994fbf989fc21c03e1d474fb158b

SHA1
79817272e5178c3252bc1b62c50637e454b12efa

SHA256
868a9e7430f83a900e6394758450eb874d823317e7e86ebbb7e8c652d486f3cd

SHA512
d65cb00b0acdb83cdbff1db58cd0b88eb38130ff0c2c644a3df324a604e96625022ea38535350d55f891325b29eacbd15701f5a2f73e07397768c122f6ad2e78

Download Submit
memory/1164-48-0x0000000074D10000-0x00000000752BB000-memory.dmp

Filesize
5.7MB

Download
memory/1164-3-0x0000000074D10000-0x00000000752BB000-memory.dmp

Filesize
5.7MB

Download
memory/1164-2-0x0000000074D10000-0x00000000752BB000-memory.dmp

Filesize
5.7MB

Download
memory/1164-1-0x0000000074D10000-0x00000000752BB000-memory.dmp

Filesize
5.7MB

Download
memory/1164-0-0x0000000074D11000-0x0000000074D12000-memory.dmp

Filesize
4KB

Download
memory/1164-49-0x0000000074D10000-0x00000000752BB000-memory.dmp

Filesize
5.7MB

Download