Analysis

  • max time kernel
    138s
  • max time network
    109s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/08/2024, 02:29

General

  • Target

    d2bc0b2bb67e8bbb593ca08d0cc70858d7feafcdacc210eef53442caafc1ca70.exe

  • Size

    1.3MB

  • MD5

    f10813affba1b9db77cd760b0eef6d4c

  • SHA1

    91554ee6bd40ab148d1efe3750f3aecd1e8375fb

  • SHA256

    d2bc0b2bb67e8bbb593ca08d0cc70858d7feafcdacc210eef53442caafc1ca70

  • SHA512

    2ba132bd4220054fb1ca37968ca183d2aa8786aecd35851fe691def3cb17a156fdb11e3d628d99f61bbf3a5a335f0f47687b3615ad182ae6502cdfc3feb06910

  • SSDEEP

    24576:gqDEvCTbMWu7rQYlBQcBiT6rprG8ar1olZy10/mtxbSmQCAe2:gTvC/MTQYxsWR7aRof4+mxVjA

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d2bc0b2bb67e8bbb593ca08d0cc70858d7feafcdacc210eef53442caafc1ca70.exe
    "C:\Users\Admin\AppData\Local\Temp\d2bc0b2bb67e8bbb593ca08d0cc70858d7feafcdacc210eef53442caafc1ca70.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3288
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Users\Admin\AppData\Local\Temp\d2bc0b2bb67e8bbb593ca08d0cc70858d7feafcdacc210eef53442caafc1ca70.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4864

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\aut9EFF.tmp

    Filesize

    279KB

    MD5

    380ba0076624e277a3caf794ad6fc05e

    SHA1

    5c07763891c0d3eeb4b378d8ebf774719d917007

    SHA256

    dee71a41261ea60a0292cad69ae455d1aca336ef92d3a549d9d7a44d5fb4e64d

    SHA512

    3ed8bfa04bcfb7ce21c72cf5f6117e71ee5950f503678eee7c2392d45c0d227f22c8ffafc2f665669d71b832e0b0a545b74ff24a47d62a6b1fd7272ff62fb10a

  • memory/3288-13-0x0000000002690000-0x0000000002694000-memory.dmp

    Filesize

    16KB

  • memory/4864-14-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

  • memory/4864-15-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

  • memory/4864-16-0x0000000001800000-0x0000000001B4A000-memory.dmp

    Filesize

    3.3MB

  • memory/4864-17-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB