c49f0320eeab8dd644ba344a2039b4de48a26ef77c05eb069721477f0cd182ba

Analysis

max time kernel
129s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 11:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlinkxBroadbandTV.exe
Size

350KB
MD5

bd2f6416721df0b07d02350359f9f669
SHA1

2292c9d37e8b2a8c4a4c6249363c22dcc739a573
SHA256

b41362bcbb5aed2fa09709964994075b9c59ac7d3dd926b1ee94c96dc61759e4
SHA512

2a044cfeaa79fb4f3fb624052bed3cd78033c59f044e38c80779ec138a2229ec0a260d021761df7121a00a266829aca6f5974da6d60cb6dfa77076de7647d6d2
SSDEEP

6144:zcG5HEI6K7F4vZhG6d1onsrjNP4/VJwarZYCPcRgzuxk4BrhdBsNpd/YWXokChKa:ziIzpsZhD549JwaVjN6CU3mND/Y2ChKa

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral24/memory/3828-0-0x0000000000400000-0x0000000000502000-memory.dmp	upx
behavioral24/memory/3828-52-0x0000000000400000-0x0000000000502000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlinkxBroadbandTV.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3828	BlinkxBroadbandTV.exe
3828	BlinkxBroadbandTV.exe

C:\Users\Admin\AppData\Local\Temp\BlinkxBroadbandTV.exe
"C:\Users\Admin\AppData\Local\Temp\BlinkxBroadbandTV.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\data\bbtvconfig.ini

Filesize
151B

MD5
d182e65ec5d88d102936dca7251d4595

SHA1
80d34c12eda15067735f352ef99ea25574b2b93b

SHA256
c7fd5846ad64c94576f8ba1d49099e3c7dede3e321e1030f13ac2ed7a8b0a799

SHA512
05d05f9293ca2638019f25a56bcf4bb72eb44c2134da3425dbd213f0e8ed5ced26c96744c0710074c43ca88f605963475f0b36ac9acebb3384e1d56e9f01b4ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\data\bbtvconfig.ini

Filesize
238B

MD5
ff241ee30c12d4f738ea693d05c10606

SHA1
694953a0ce81183d75f84407e6f57f71730ea6e9

SHA256
ea3e944f2ece17b40a73f40dbda8bca3227958ad1b1ac74761f6e13a6e310c0f

SHA512
fea25dd9385e60562a50056b744dbd1cc28036ddf43843d906ea33872bae3b6c58a67994a1da8c60d122e330d31026fabcff6e38a766b4de87006791c1bac29f

Download Submit
C:\Users\Admin\AppData\Local\Temp\data\bbtvconfig.ini

Filesize
275B

MD5
6ba3671ebceff9ce375d6a6a33a962dd

SHA1
1e8b8ecd8468402e3784771b7236a0ea095f7863

SHA256
efec57e17915562dadcc717349ae779629dcd4fd2c20dce4215f1487553835d5

SHA512
a1b46b47d1a8b87f31d46e95db4ddad287f1e9b82d94450db308a3af59dbc3d3db9f81de42072fdf42eb20f87e424175db7ee15b9bc7477ba3ca01331a5d000b

Download Submit
memory/3828-0-0x0000000000400000-0x0000000000502000-memory.dmp

Filesize
1.0MB

Download
memory/3828-52-0x0000000000400000-0x0000000000502000-memory.dmp

Filesize
1.0MB

Download