Overview

overview

7

Static

static

3

9bb9440b29...0N.exe

windows7-x64

7

9bb9440b29...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    103s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/08/2024, 17:56

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    9bb9440b291b1b9e2970ac0a67ee13a0N.exe

  • Size

    409KB

  • MD5

    9bb9440b291b1b9e2970ac0a67ee13a0

  • SHA1

    30823a4f3ff575df248449c98fd00321ccbf2c07

  • SHA256

    277705bad5bc284a94718bd295cc9c58cd34fa95d0f5ad755d499d213b9733e2

  • SHA512

    364e5ff1aa686a2d5bd9c5a1c5ac9cfcf68459cd434408145021dcb449e2b700b1ec0b5711130bf4bda8735995082ed5535f224a7ea73b8e82ac2f308ff0b468

  • SSDEEP

    6144:ho+k6sXkPV9WBtpypFBK4Tu/6xGjxi/LCeRjOQQ97aJ/ETLM42HSCT55GQCVsHE1:GrWcDkpFBK4TuEGqRsVrTLN+bGQCKy

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9bb9440b291b1b9e2970ac0a67ee13a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb9440b291b1b9e2970ac0a67ee13a0N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3680
    • C:\Users\Admin\AppData\Local\Temp\6C47.tmp
      "C:\Users\Admin\AppData\Local\Temp\6C47.tmp" --pingC:\Users\Admin\AppData\Local\Temp\9bb9440b291b1b9e2970ac0a67ee13a0N.exe 87609F567C74F7AB7FCAA85AE8C1FCB35C3A8230E04F48641DFB430301BF365F4343AA5786BF7F9C360230180FBCE912A1166EB9D7367C86EB8CEA811BE165AF
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      • Modifies registry class
      • Suspicious behavior: RenamesItself
      • Suspicious use of WriteProcessMemory
      PID:2532
      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\9bb9440b291b1b9e2970ac0a67ee13a0N.doc" /o ""
        3⤵
        • Checks processor information in registry
        • Enumerates system info in registry
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:2504

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\6C47.tmp
          Filesize

          409KB

          MD5

          35902f64b09404b21017711dc70b94cd

          SHA1

          2b59fe260c42d947b833b5d5e8d2ee6992e85b88

          SHA256

          50b5682326fdcd7b697613644d3f2c9346d6cbf866bc9c93ff5c2ae477f5a90c

          SHA512

          912fb9dbe3d50899f19870cc02147ae696f0b687d243c3bf3727f8cd1f5510a692b31efec01795e1ca6f1493e07506c1ba59c8dc354827098c7d864e542459da

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\9bb9440b291b1b9e2970ac0a67ee13a0N.doc
          Filesize

          21KB

          MD5

          12e57ae08f64353b3c3b3d08681aaaf1

          SHA1

          36b6aca282497c65d41513b231d247b0187651f1

          SHA256

          07498e905c47bfea983587265b88eb01bc6098978c375c71074b9469a99b4308

          SHA512

          aba2748b1b5d26f52a93bbfabbd4760435b06d6c449631930e7db339c5317429f59cc24709515707cdda34956c73d30e60b83b81986873eb544b1040388748a8

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TCDBC95.tmp\iso690.xsl
          Filesize

          263KB

          MD5

          ff0e07eff1333cdf9fc2523d323dd654

          SHA1

          77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

          SHA256

          3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

          SHA512

          b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
          Filesize

          2KB

          MD5

          b5d8f4de5daebdf76911c5c6216df8ac

          SHA1

          2755074231e03c3e27c2296d6419e2211d9d4057

          SHA256

          ac3b47281edfe207b1bde8257eeccc3a745bbcfeb55fdcc4242349565e22b7d2

          SHA512

          4f3434705ae83b43da95af4162dec202b4022b032ac6efdda849d6bc73a64d2a6c011cead82a046e48dfc3d4d82f64f9a34c68e3db5541f168b5c040c7c2d728

          Download Submit

        • memory/2504-34-0x00007FFAC9250000-0x00007FFAC9445000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2504-36-0x00007FFAC9250000-0x00007FFAC9445000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2504-18-0x00007FFAC9250000-0x00007FFAC9445000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2504-20-0x00007FFAC9250000-0x00007FFAC9445000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2504-21-0x00007FFAC9250000-0x00007FFAC9445000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2504-23-0x00007FFAC9250000-0x00007FFAC9445000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2504-22-0x00007FFAC9250000-0x00007FFAC9445000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2504-27-0x00007FFAC9250000-0x00007FFAC9445000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2504-29-0x00007FFAC9250000-0x00007FFAC9445000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2504-32-0x00007FFAC9250000-0x00007FFAC9445000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2504-31-0x00007FFAC9250000-0x00007FFAC9445000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2504-30-0x00007FFAC9250000-0x00007FFAC9445000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2504-16-0x00007FFAC92ED000-0x00007FFAC92EE000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2504-33-0x00007FFA86FD0000-0x00007FFA86FE0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2504-35-0x00007FFAC9250000-0x00007FFAC9445000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2504-14-0x00007FFA892D0000-0x00007FFA892E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2504-28-0x00007FFAC9250000-0x00007FFAC9445000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2504-26-0x00007FFAC9250000-0x00007FFAC9445000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2504-25-0x00007FFAC9250000-0x00007FFAC9445000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2504-24-0x00007FFA86FD0000-0x00007FFA86FE0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2504-19-0x00007FFA892D0000-0x00007FFA892E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2504-17-0x00007FFA892D0000-0x00007FFA892E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2504-49-0x00007FFAC9250000-0x00007FFAC9445000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2504-15-0x00007FFA892D0000-0x00007FFA892E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2504-13-0x00007FFA892D0000-0x00007FFA892E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2504-384-0x00007FFA892D0000-0x00007FFA892E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2504-383-0x00007FFA892D0000-0x00007FFA892E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2504-385-0x00007FFA892D0000-0x00007FFA892E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2504-386-0x00007FFA892D0000-0x00007FFA892E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2504-387-0x00007FFAC9250000-0x00007FFAC9445000-memory.dmp

          Filesize

          2.0MB

          Download