Analysis
-
max time kernel
102s -
max time network
121s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
17/08/2024, 02:21
General
-
Target
cda4f17dc5842ff1130d56d64f567f30N.exe
-
Size
152KB
-
MD5
cda4f17dc5842ff1130d56d64f567f30
-
SHA1
0c2040e62950bc9eeb68f7afb8388855e8a77d2b
-
SHA256
b3af67e40fe979a3be7f1813e30792ab60c48b63ff64413e63da7eb609824bb8
-
SHA512
fd5654e673b9baad2db1d6c8867871379d94c153e6c351b6c204dfb65f712a7e97d40a252ee8fdad7acf1f0a7b3ff50211fdcb97fb771af5ade38c1c29f848fc
-
SSDEEP
1536:rGYDPjecpE1gegznLU1V+FkOzvZoAUp8aHk+EfesrSd7IfHSp3D8DxNE1lMBV6ys:CCPjecmaxiViUp80s+sfHUzO0MBV6rH
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 2 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cda4f17dc5842ff1130d56d64f567f30N.exe"C:\Users\Admin\AppData\Local\Temp\cda4f17dc5842ff1130d56d64f567f30N.exe"1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\navu32.exeC:\Windows\system32\navu32.exe -d "C:\Users\Admin\AppData\Local\Temp\cda4f17dc5842ff1130d56d64f567f30N.exe"2⤵
- Deletes itself
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\navu32.exeC:\Windows\SysWOW64\navu32.exe -v1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152KB
MD500914c3d9c8c98643217ff6492761843
SHA16a895e11307be5f79c08e2b78eeb2851e5f056ff
SHA2565ebcca26f471c269cdb1c326ef0766a99d29f196390c89d118d81463c5a33f32
SHA512fd5d099a7d0d133f77a7bc5b2e730f1e8c0c23a37ecb85786f33c3653bfc75f8c015b46fbc318541f1b0d500c777644ee39c2905c17ef17342dc0c9dc3b2c056
-
Filesize
152KB
MD5cda4f17dc5842ff1130d56d64f567f30
SHA10c2040e62950bc9eeb68f7afb8388855e8a77d2b
SHA256b3af67e40fe979a3be7f1813e30792ab60c48b63ff64413e63da7eb609824bb8
SHA512fd5654e673b9baad2db1d6c8867871379d94c153e6c351b6c204dfb65f712a7e97d40a252ee8fdad7acf1f0a7b3ff50211fdcb97fb771af5ade38c1c29f848fc
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB