Overview

overview

4

Static

static

1

8e42e6626c...0N.exe

windows7-x64

4

8e42e6626c...0N.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    110s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/08/2024, 06:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8e42e6626ce7f39330111e12d1a434b0N.exe

  • Size

    1.7MB

  • MD5

    8e42e6626ce7f39330111e12d1a434b0

  • SHA1

    c6158a4bbce244b152e74d9fa7c538c4b28617fd

  • SHA256

    f07c0cde2bc413a5adbfa8e82c597485cdd5fcefac3c838bfb2054eac719c261

  • SHA512

    a0f8866498f96c6a9c7fe4e99d4ed4cf5885aee0c0a1b9b7396b9c0d34f26072e8272b7bf55e71e064dcd781b42001a1f17524cd2f93a54dbfe1b29790c6f1be

  • SSDEEP

    24576:R7FUDowAyrTVE3U5FxF248wUMYviffyoKna9AuczpBq5FSiMJZyYdWVis:RBuZrEUzx8wUsfVZAjp058JUcWws

Score
4/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e42e6626ce7f39330111e12d1a434b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8e42e6626ce7f39330111e12d1a434b0N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4000
    • C:\Users\Admin\AppData\Local\Temp\is-R78QD.tmp\8e42e6626ce7f39330111e12d1a434b0N.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-R78QD.tmp\8e42e6626ce7f39330111e12d1a434b0N.tmp" /SL5="$702AC,866469,820736,C:\Users\Admin\AppData\Local\Temp\8e42e6626ce7f39330111e12d1a434b0N.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3376

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-R78QD.tmp\8e42e6626ce7f39330111e12d1a434b0N.tmp
    Filesize

    3.0MB

    MD5

    dc65d58968af1caf476f8fe04ce1923e

    SHA1

    2ee72a403c1232d44c966c0c91a6339e39d16c24

    SHA256

    f8a97de1b3b5e8ec22a2f0ad781275d859f3793dbc7b3cfd0ee0fb249225b9cb

    SHA512

    9acc31858c9521c962fe43cba713d6f636d30a347c182428183f79b623b11b45beb77f14fc277d43d722dbbaadbe1a7eb9dab28e2d36c31321616a7c5566b443

    Download Submit

  • memory/3376-6-0x0000000000400000-0x0000000000711000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3376-13-0x0000000000400000-0x0000000000711000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4000-0-0x0000000000400000-0x00000000004D6000-memory.dmp

    Filesize

    856KB

    Download

  • memory/4000-2-0x0000000000401000-0x00000000004B7000-memory.dmp

    Filesize

    728KB

    Download

  • memory/4000-11-0x0000000000400000-0x00000000004D6000-memory.dmp

    Filesize

    856KB

    Download