Analysis
-
max time kernel
23s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
17-08-2024 08:40
General
-
Target
New Order 01.exe
-
Size
1.2MB
-
MD5
8b4dd7361f14f8976387a44bb9bc846b
-
SHA1
9bb7febab49e75e8234718806c94513ce149d79a
-
SHA256
ae7d55977f010445b83b1eb544c65afe7cbd14e49ce0e47ea9939c7f010f214e
-
SHA512
ce0c2f0801d750d62ef7b63ecdef3ee960407bd4c4e055b73568ae9ad73ab499f16c096940fafb65acb123489d88289c00e0eba794c82714b8109b74da7dd298
-
SSDEEP
24576:LAHnh+eWsN3skA4RV1Hom2KXMmHahgURDzjXmHbmb0O5:mh+ZkldoPK8YahzRD0uh
Malware Config
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\New Order 01.exe"C:\Users\Admin\AppData\Local\Temp\New Order 01.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svchost.exe"C:\Users\Admin\AppData\Local\Temp\New Order 01.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
282KB
MD5c25908ee46c66fc5a2488a3c62e8f8b8
SHA1711d24f396e0dd1f51d5b98cb35c3e89e4040c49
SHA256983305dfc1e061e188bf239a02c57146f179c0f8f41b359a60dd182a6012719d
SHA512a77da3994c8469e4f2f5f242da0bc7ba36d02ecf371c7b1d351a38ee09fa4fc4aa6e21d7efa1ca802ac6cee5cb8192d1fb7189d892d408d921f2fe2543e49675
-
Filesize
16KB
-
Filesize
284KB
-
Filesize
284KB
-
Filesize
3.0MB