Overview

overview

7

Static

static

3

53492bb7c7...0N.exe

windows7-x64

7

53492bb7c7...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    18-08-2024 23:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    53492bb7c7307cda1f8818ce138b23a0N.exe

  • Size

    67KB

  • MD5

    53492bb7c7307cda1f8818ce138b23a0

  • SHA1

    acda3998632c6d525b91ff70f464aa49c78bb4d4

  • SHA256

    36fe5133ebc5a4431d3675acf6ec321da085f44aff574640bd43a4aa2ba13051

  • SHA512

    2a3ad1da1ee1425be9a18bc09a2c0f5cd90365af24149ba79ca26d610b2f16f8bed537e347eae5380d146831fb9fa9ab2021fed42081f7fa62715286c09280b5

  • SSDEEP

    768:zTAiYUVaQDKVSputCPsED3VK2+ZtyOjgO4r9vFAg2rqcjeZ8GswSD/E20Pzf:HAqamKwugYTjipvF2PeoE2af

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\53492bb7c7307cda1f8818ce138b23a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\53492bb7c7307cda1f8818ce138b23a0N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1864
    • C:\Users\Admin\AppData\Local\Temp\fcbnaf.exe
      "C:\Users\Admin\AppData\Local\Temp\fcbnaf.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies system certificate store
      PID:2232

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\fcbnaf.exe
    Filesize

    68KB

    MD5

    171c264fd705eab99fe00c2e45d391cd

    SHA1

    1f594b498d84e5b744fbed51358b7052548af295

    SHA256

    aa284fd5920c9f300101dc072f8f314153c2493581faa89ffffa8ea4989fcd7e

    SHA512

    85eacef9892a9c9cf02db7ecb2e51201b8f707c5db8e6b992427a83929630c9a5f9f211f6268e5e82c94f85d642b48fcfcc2e47e769e0f1b1cb8363d498ee345

    Download Submit

  • memory/1864-1-0x00000000002D0000-0x00000000002D5000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2232-8-0x0000000000250000-0x0000000000255000-memory.dmp

    Filesize

    20KB

    Download