37289ff8dfa6c96ec0b204b747b6ec42b2599aad79bcb8bbdd7a5e1c34605186

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21-08-2024 05:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0dd3a513a7639a37aee62b92d2f078e0N.exe
Size

115KB
MD5

0dd3a513a7639a37aee62b92d2f078e0
SHA1

9209c7176a8d096068721065d7131a2eef3f4fc8
SHA256

37289ff8dfa6c96ec0b204b747b6ec42b2599aad79bcb8bbdd7a5e1c34605186
SHA512

14db6837cb5ba6d0a9e9ace693c09d13337185c5b19598bc4b5ad830bb2b119aca59ddbe59c5145247d8060a155718b43daccda8d16f21a5191011a70160c58c
SSDEEP

384:OPP1svHMbR4PRdixlu09HNqmbYpjZHgzix0MFbJWC5sP6tVxBk:OPP1dbfbUgziPbh5sPsBk

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
828	senis.exe

Loads dropped DLL 2 IoCs

pid	Process
1688	0dd3a513a7639a37aee62b92d2f078e0N.exe
1688	0dd3a513a7639a37aee62b92d2f078e0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0dd3a513a7639a37aee62b92d2f078e0N.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1688	0dd3a513a7639a37aee62b92d2f078e0N.exe
828	senis.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 828	1688	0dd3a513a7639a37aee62b92d2f078e0N.exe	30
PID 1688 wrote to memory of 828	1688	0dd3a513a7639a37aee62b92d2f078e0N.exe	30
PID 1688 wrote to memory of 828	1688	0dd3a513a7639a37aee62b92d2f078e0N.exe	30
PID 1688 wrote to memory of 828	1688	0dd3a513a7639a37aee62b92d2f078e0N.exe	30

C:\Users\Admin\AppData\Local\Temp\0dd3a513a7639a37aee62b92d2f078e0N.exe
"C:\Users\Admin\AppData\Local\Temp\0dd3a513a7639a37aee62b92d2f078e0N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Users\Admin\AppData\Local\Temp\senis.exe
  "C:\Users\Admin\AppData\Local\Temp\senis.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\senis.exe

Filesize
115KB

MD5
83e33f085c1ea0bae5f0ca5675396a1b

SHA1
edd01b801fd875b0f2f7bc81eeed5dee4d01cbc6

SHA256
b3db95b557aaab0ecc8e79db74521d2ebb31c4f1561dbe68111f7b91249b674d

SHA512
4fbd3fbca088669047721aa6a295ba0cf48fb454bb18f0db55b16ba9bcfa37b696567646f647859ddc76502dd7823cf6eaea891c109ef015dbf1853687b54bd2

Download Submit
memory/828-19-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/828-21-0x0000000000420000-0x000000000043C000-memory.dmp

Filesize
112KB

Download
memory/1688-0-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1688-9-0x0000000000420000-0x000000000043C000-memory.dmp

Filesize
112KB

Download
memory/1688-8-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1688-7-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download