3f04b43a185765baf8d5c12a892f7f3942f150e14acc7609580f005b6a473147

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 05:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c09b6dd488d86f12885b77673fc0a250N.exe
Size

81KB
MD5

c09b6dd488d86f12885b77673fc0a250
SHA1

766ade4f52f75f6dc6f7da14b18fd633f33d7ee3
SHA256

3f04b43a185765baf8d5c12a892f7f3942f150e14acc7609580f005b6a473147
SHA512

964633883414c893e0ba51323c8d233292ff907d25891a094cab3185c60f6097c67ba87bae038fdfceda498e36cfbdd5e902871e4fb618bb9ae3c009913e616a
SSDEEP

1536:WmN0NcZstN+FOM8Dgmn2bg2ifKMoI8b0BlTc+X996WDvM3A8E:JL6n2bg2ixoI84B9c+N8ikQ8E

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2128	c09b6dd488d86f12885b77673fc0a250N.exe

Executes dropped EXE 1 IoCs

pid	Process
2128	c09b6dd488d86f12885b77673fc0a250N.exe

Loads dropped DLL 1 IoCs

pid	Process
2992	c09b6dd488d86f12885b77673fc0a250N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c09b6dd488d86f12885b77673fc0a250N.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2992	c09b6dd488d86f12885b77673fc0a250N.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2992	c09b6dd488d86f12885b77673fc0a250N.exe
2128	c09b6dd488d86f12885b77673fc0a250N.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 2128	2992	c09b6dd488d86f12885b77673fc0a250N.exe	31
PID 2992 wrote to memory of 2128	2992	c09b6dd488d86f12885b77673fc0a250N.exe	31
PID 2992 wrote to memory of 2128	2992	c09b6dd488d86f12885b77673fc0a250N.exe	31
PID 2992 wrote to memory of 2128	2992	c09b6dd488d86f12885b77673fc0a250N.exe	31

C:\Users\Admin\AppData\Local\Temp\c09b6dd488d86f12885b77673fc0a250N.exe
"C:\Users\Admin\AppData\Local\Temp\c09b6dd488d86f12885b77673fc0a250N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Users\Admin\AppData\Local\Temp\c09b6dd488d86f12885b77673fc0a250N.exe
  C:\Users\Admin\AppData\Local\Temp\c09b6dd488d86f12885b77673fc0a250N.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\c09b6dd488d86f12885b77673fc0a250N.exe

Filesize
81KB

MD5
5d803a5946d1284cb205713aaacc1ad4

SHA1
0d96af9fe87c226215957200014dc1f3fad6a0b5

SHA256
c23c49ce647e659fc144a9a90252a974587470c2c789c94236db31a81f1f3fef

SHA512
2b0fdb6ab3705bd60da6fe6d696d7c994619ccda2465a1591b47ba69cb27369bb00fdf20ce1336807eaf8058fad574067382b0756b580bae93487f68aec5c56f

Download Submit
memory/2128-29-0x0000000000220000-0x000000000023B000-memory.dmp

Filesize
108KB

Download
memory/2128-24-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2128-18-0x00000000001D0000-0x00000000001FE000-memory.dmp

Filesize
184KB

Download
memory/2128-30-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2992-1-0x00000000001D0000-0x00000000001FE000-memory.dmp

Filesize
184KB

Download
memory/2992-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2992-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2992-12-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/2992-16-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download