248b01152b74b397cac3caaf27564bad741bb5af31e43dd02806953c95a757ff

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

248b01152b74b397cac3caaf27564bad741bb5af31e43dd02806953c95a757ff.exe
Size

1.5MB
MD5

d48ded47c2d8e7a298dc5f1bce1aaec8
SHA1

b3c577e9f0d7a4f7b2014053955595e336045e90
SHA256

248b01152b74b397cac3caaf27564bad741bb5af31e43dd02806953c95a757ff
SHA512

300dfdbea3d2f4eda0b9a5b3059e3f5fa0ec8913dd6ffd726c4f658515e0dea108606fe41bd26c3e062088dac139331ff226c847bb656cd1aad151ef4e5d03cf
SSDEEP

24576:8LiIaZj5NGMbMZQx/OkmuRgsOK1pf/OGQdZUkWNN15e:8LxSjTZMZQx/OkmuRgsOK1pf/OGQdZUH

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1880	248b01152b74b397cac3caaf27564bad741bb5af31e43dd02806953c95a757ff.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	248b01152b74b397cac3caaf27564bad741bb5af31e43dd02806953c95a757ff.exe

C:\Users\Admin\AppData\Local\Temp\248b01152b74b397cac3caaf27564bad741bb5af31e43dd02806953c95a757ff.exe
"C:\Users\Admin\AppData\Local\Temp\248b01152b74b397cac3caaf27564bad741bb5af31e43dd02806953c95a757ff.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Roaming\d3d9x.dll

Filesize
518KB

MD5
a912086e768f7806891bc260eadf369f

SHA1
3d78976a94b7c9acef9c95c1ac3c80995e9bbffc

SHA256
d0910fba768db40a949129c81fb8ca0901dbf15ef07289679b9ca45bec347b7b

SHA512
67ffafe261c8ccd75fa106f8624df0ad944c2d01f76a2a7ebc72ea7cdbd733220b62c477015f9c7be58f61be839d20e42354b65ae0f3ac7654110732af73d1ff

Download Submit
memory/1880-0-0x000000007444E000-0x000000007444F000-memory.dmp

Filesize
4KB

Download
memory/1880-1-0x0000000000CF0000-0x0000000000E6A000-memory.dmp

Filesize
1.5MB

Download
memory/1880-6-0x0000000074440000-0x0000000074B2E000-memory.dmp

Filesize
6.9MB

Download