f987ddd3e81e4940c85ce8e9f3e3ed020558b7fbc6d0dcbbac588efc5e632a7e

Analysis

max time kernel
118s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 04:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e588120c582ababbe746f70d6bad6080N.exe
Size

984KB
MD5

e588120c582ababbe746f70d6bad6080
SHA1

8cf9cf9eab37fd2157cf4b6875e52447d99190ed
SHA256

f987ddd3e81e4940c85ce8e9f3e3ed020558b7fbc6d0dcbbac588efc5e632a7e
SHA512

74a9cea0dccd32292602d6da00c8023b7768848042711daf8cd4d07ba650392b22595119ff5201d4ef18d08544efac76d2b194b9931ace6a4d83600d6114412e
SSDEEP

12288:N2ToLD2QfWUEknSsmjj/UVF4ToSjZGO+16TjMVJK1P5aEL3U3yhxoeVs7:NkuPfWsnnw/UV+oSjZemMVcRaL2vq

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSNCore = "C:\\Users\\Admin\\AppData\\Local\\upNext.exe --i"	e588120c582ababbe746f70d6bad6080N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e588120c582ababbe746f70d6bad6080N.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3316	e588120c582ababbe746f70d6bad6080N.exe

C:\Users\Admin\AppData\Local\Temp\e588120c582ababbe746f70d6bad6080N.exe
"C:\Users\Admin\AppData\Local\Temp\e588120c582ababbe746f70d6bad6080N.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: RenamesItself
PID:3316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4400,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=3864 /prefetch:8
1⤵
PID:4640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e588120c582ababbe746f70d6bad6080N.exe

Filesize
984KB

MD5
50992b4e75fcce947ab806f35869dffd

SHA1
88d8420672146feeda28875a2ef731ee364faed3

SHA256
31a8e22995e10c9cb5909364361e1ca3460dae3a388baa9169a26d4def11d8ba

SHA512
c6abcdecbe23653a1e65f0d435c91ea18c7cd1c5145262fd2e5498001c87c2de2c82dd7a53d221213ac9211357d7723f06135893dd1deea8ed76e25220828bb3

Download Submit
memory/3316-11-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/3316-4-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/3316-5-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/3316-3-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/3316-10-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/3316-2-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/3316-12-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/3316-13-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/3316-14-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/3316-15-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/3316-16-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/3316-17-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download
memory/3316-18-0x0000000000040000-0x0000000000139000-memory.dmp

Filesize
996KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads