16c3b68a05ee48a91a3df4a64de560506e44925e43cd7db2873916c30577579b

Analysis

max time kernel
134s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 01:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16c3b68a05ee48a91a3df4a64de560506e44925e43cd7db2873916c30577579b.exe
Size

2.9MB
MD5

45bf48355cb84193479d0c644cc94b83
SHA1

96f52c947331fbd449d56e405da2c353e8ca4cac
SHA256

16c3b68a05ee48a91a3df4a64de560506e44925e43cd7db2873916c30577579b
SHA512

f4b61a0a62d50995387e47c8fed0af0ed4715d72904ea654041f088cb6d982e0718ed68c534d46246f85d4bec38a55c579a86f5eeae6f82ac7eca756654372b4
SSDEEP

49152:yT0+1u7O93G4oitLd6IzbqT67Cd/p8uD8a+MpKmwRZTOxt:Mt1u7k3GuZlXqTICd6uEmP

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
4840	16c3b68a05ee48a91a3df4a64de560506e44925e43cd7db2873916c30577579b.exe
4840	16c3b68a05ee48a91a3df4a64de560506e44925e43cd7db2873916c30577579b.exe
4840	16c3b68a05ee48a91a3df4a64de560506e44925e43cd7db2873916c30577579b.exe
4840	16c3b68a05ee48a91a3df4a64de560506e44925e43cd7db2873916c30577579b.exe
4840	16c3b68a05ee48a91a3df4a64de560506e44925e43cd7db2873916c30577579b.exe
4840	16c3b68a05ee48a91a3df4a64de560506e44925e43cd7db2873916c30577579b.exe
4840	16c3b68a05ee48a91a3df4a64de560506e44925e43cd7db2873916c30577579b.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	16c3b68a05ee48a91a3df4a64de560506e44925e43cd7db2873916c30577579b.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4840	16c3b68a05ee48a91a3df4a64de560506e44925e43cd7db2873916c30577579b.exe
4840	16c3b68a05ee48a91a3df4a64de560506e44925e43cd7db2873916c30577579b.exe

C:\Users\Admin\AppData\Local\Temp\16c3b68a05ee48a91a3df4a64de560506e44925e43cd7db2873916c30577579b.exe
"C:\Users\Admin\AppData\Local\Temp\16c3b68a05ee48a91a3df4a64de560506e44925e43cd7db2873916c30577579b.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\config\config.ini

Filesize
30B

MD5
3e9e7c79d3e6ae2273bb8bf552e83535

SHA1
e627b2b5056dab19a07757ba2631658e370dc1c8

SHA256
a18ec6601164b466c8a69a94fdc21ce49e8b166467a0e1f49a605c82bd2c2ba7

SHA512
ec999da6da671b4c134649dd0cccce3708eb4d89ea23a0ce3ad946888279d0ec70bda6a201176dcd70eb04e44e6efe22e92b5c0621231415b160f5ad5e8e70e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\libcurl.dll

Filesize
188KB

MD5
4b64aedbd50c20c4c12e9ae5e527d047

SHA1
13f709595edfb956dd578cd105bf661ee61b8d70

SHA256
76edf7fef75c9fb997074a45753cf6ffb6ce3bccae616ad5b43d307da7417a4b

SHA512
b6ee6c2d116bbe99d444d041f25dbb7ba6f55ee42503026c4d06564e7813031bcb7689f15e99f95f90e2585c7ba263247ee7da0d321cd49b7bc1511687c58506

Download Submit
C:\Users\Admin\AppData\Local\Temp\libeay32.dll

Filesize
1.0MB

MD5
7cd4a6a552ecc273557b5d88ee0ea708

SHA1
7876dd8776fa62895be1a0436e16cc461318f974

SHA256
74e66ca68896b5c0f3a7b98d3db19bdcaf0c1e4cf0f24496de4b1bd0dbe435da

SHA512
57fb65d0f4ae42718ec42a1cc9f74afcc4c49e632b925c8f5fb2bfdc45544dc6a4f4d8dc4dee72210414d8e539dd4364b8808a7e0823ae313f2b15f6f3f8fdb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ssleay32.dll

Filesize
200KB

MD5
6843590dc7948ed8d25bcae3be7caf9c

SHA1
57d85a85d61c39d54fdf5dc99d92c28f8ee55909

SHA256
bf0622794c7478831986cdfdef8267059deff1b2e2704e955e8504f81de5fdac

SHA512
912b3e61d85a7fed46b89a5a6dcd60f1d763ac8708e75d6eb2e60e35faae22b69b8def048a8eaa10298fc8b96e4a59cde4d4007e1a62d54f499d65526d52ed59

Download Submit
C:\Users\Admin\AppData\Local\Temp\zlib1.dll

Filesize
80KB

MD5
6ed2ddb236060be1f0077bad09861aec

SHA1
4993cc292ec555552370d2c2f56d32b4aaa71a80

SHA256
ff38d86ac9633d3a4f215df77aafc18c353fc5aeb50ee11ff68e4a11b4f51c2d

SHA512
4faaf67f18237e56c5a4b68eafb2d5410268adc90b2700086d3e6b652ae51b4cc9bafca7f3b91277020bb0e41f047c756994f8fe9131cade81061e686f8a1557

Download Submit
memory/4840-20-0x00000000025D0000-0x0000000002602000-memory.dmp

Filesize
200KB

Download
memory/4840-18-0x0000000000920000-0x0000000000934000-memory.dmp

Filesize
80KB

Download
memory/4840-14-0x00000000028D0000-0x00000000029D9000-memory.dmp

Filesize
1.0MB

Download