Analysis
  max time kernel: 106s
  max time network: 118s
  platform: windows7_x64
  resource: win7-20240704-en
  resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  submitted: 21-08-2024 21:05
Static task: static1
Behavioral task: behavioral1
Sample: 54df5e1d18f36a2d11eb1687d15a80d0N.exe
Resource: win7-20240704-en
General
  Target: 54df5e1d18f36a2d11eb1687d15a80d0N.exe
  Size: 88KB
  MD5: 54df5e1d18f36a2d11eb1687d15a80d0
  SHA1: be4c702e9f5b23a02e037bcc6725ea8dae540b71
  SHA256: 2d4f592791dcc72fa4b58c7106a705e7649387f326b6d69db774361a99fae8c2
  SHA512: 5e8712dcf2c4324c6d76d4dc0bf3f8ad3c26dec4c16595b4201585766eb17a2789cbc90cb60416aceac101f252676996f1bd55e77238babd3c32a265740d2a87
  SSDEEP: 1536:t5piVnDXkTbhCtaB6GVA/bVQPxfgiqfoOonoKg+yOH5y/yE3:6D0ctAVA/bmxIMnoKjyR/N3
Malware Config
Signatures
  resource                                                                            yara_rule
  behavioral1/memory/193868-540760-0x0000000000400000-0x000000000040B000-memory.dmp    upx
  behavioral1/memory/193868-540762-0x0000000000400000-0x000000000040B000-memory.dmp    upx
  behavioral1/memory/193868-540765-0x0000000000400000-0x000000000040B000-memory.dmp    upx
  behavioral1/memory/193868-540766-0x0000000000400000-0x000000000040B000-memory.dmp    upx
  behavioral1/memory/193868-540767-0x0000000000400000-0x000000000040B000-memory.dmp    upx
  System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: 54df5e1d18f36a2d11eb1687d15a80d0N.exe
  Suspicious use of SetWindowsHookEx (1 IoCs)
  pid: 2512
  Process: 54df5e1d18f36a2d11eb1687d15a80d0N.exe
Processes
  1. C:\Users\Admin\AppData\Local\Temp\54df5e1d18f36a2d11eb1687d15a80d0N.exe
     command line: "C:\Users\Admin\AppData\Local\Temp\54df5e1d18f36a2d11eb1687d15a80d0N.exe"
     PID: 2512
     - System Location Discovery: System Language Discovery
     - Suspicious use of SetWindowsHookEx
     2. C:\Users\Admin\AppData\Local\Temp\54df5e1d18f36a2d11eb1687d15a80d0N.exe
        command line: "C:\Users\Admin\AppData\Local\Temp\54df5e1d18f36a2d11eb1687d15a80d0N.exe"
        PID: 193868
        3. C:\Windows\SysWOW64\cmd.exe
           command line: cmd /c ""C:\Users\Admin\AppData\Local\Temp\LYHIT.bat" "
           PID: 54576
Network
MITRE ATT&CK Enterprise v15
Downloads
  Filesize: 149B
  MD5: 6831b89d0b8dc3e07588d733e75c122b
  SHA1: 8c70088c3224bbaf535ed19ec0f6bd5231c543be
  SHA256: 9fe102f2c6dff35f03787b85f725d12347cf491c897730a7f2e818f65177ffc2
  SHA512: 699fb44a25032ee4ad0ace1f941c826b333baddb65049c22e80b272909e85f4c8a00fef73fe2d97fa8998a0b6969b13461237bfc1e8f9bf711849d17d0cda6da