Resubmissions

18-08-2024 08:26

240818-kbzlnsxfnm 10

18-08-2024 08:17

240818-j6x6navale 10

Analysis

  • max time kernel
    130s
  • max time network
    100s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    18-08-2024 08:17

General

  • Target

    Downloads/C963AEC1-6D52-EB4D-61BC-64DB2602EE5F/DC.exe

  • Size

    802KB

  • MD5

    ac34ba84a5054cd701efad5dd14645c9

  • SHA1

    dc74a9fd5560b7c7a0fc9d183de9d676e92b9e8b

  • SHA256

    c576f7f55c4c0304b290b15e70a638b037df15c69577cd6263329c73416e490e

  • SHA512

    df491306a3c8ddb580b7cca1dce9e22a87fd43ca3632f3630cdcbe114bef243e847b2ce774d688f6e142516f2e0fc49d30fad7c7168e627523da21e2fe06836a

  • SSDEEP

    12288:NaWzgMg7v3qnCiPErQohh0F4uCJ8lnyIQJ9QudhzYOekDXiGt8PSmQ:MaHMv6CrrjSnyIQ8+ekGA8PSmQ

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Downloads\C963AEC1-6D52-EB4D-61BC-64DB2602EE5F\DC.exe
    "C:\Users\Admin\AppData\Local\Temp\Downloads\C963AEC1-6D52-EB4D-61BC-64DB2602EE5F\DC.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:648

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Downloads\C963AEC1-6D52-EB4D-61BC-64DB2602EE5F\DC.ini

    Filesize

    1KB

    MD5

    dd5a69cfecbd625fd266f3e06c02c614

    SHA1

    eebbfcfc5cb540ad63e0380c63c58ed7364aa800

    SHA256

    d0e7f08d351b5d44916b6f1a65a23c38a36236280bf66d7920326ab6998f10fe

    SHA512

    4f6064829e87ad87712e4cadb221d00c7b1591b43f85e51d4642a849bd4dabf1cca14e1737bc2fe0db8a9d6abfda456fcfc026bc9dcb063124bf4e3e344ce483