Overview

overview

7

Static

static

3

9c0d360b79...0N.exe

windows7-x64

7

9c0d360b79...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    22-08-2024 18:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9c0d360b79fe9db355cb17b3e02b5f10N.exe

  • Size

    894KB

  • MD5

    9c0d360b79fe9db355cb17b3e02b5f10

  • SHA1

    3d2179ebd8bde81bcde0127b704ea5c3924a3781

  • SHA256

    73a23b02194373385bd1e5a80678f4c360597f5d52a06b850732bcfd948d564b

  • SHA512

    b02d4ee3a2d06c6597f273c1690ddca1651dbd387924e6204baa6ffd1846978400e06b16e39d81c443876d9e261ec76b867d8425b400858a5f8bb9ca17cb1d45

  • SSDEEP

    12288:4jauDReWGsLMwoFP8iCpgfts+ixiZ9UR32MTOcRDhiBb/r:4DDNvdpyts+ixiYRcuDEBrr

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c0d360b79fe9db355cb17b3e02b5f10N.exe
    "C:\Users\Admin\AppData\Local\Temp\9c0d360b79fe9db355cb17b3e02b5f10N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2392
    • C:\ProgramData\emarwd.exe
      "C:\ProgramData\emarwd.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:3044

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache .exe
    Filesize

    894KB

    MD5

    4b4496aa61b36f7fea0baf8d075d7ad1

    SHA1

    128d7a31dd780ae55dc7e0782eb659a8f0a16cbc

    SHA256

    5dd97088fed36b71e0cad31f9f2088e60f1c23b2582c645931588e09830246f0

    SHA512

    0c2cd0c6c850491177d3f741f47340ae6826ce0726ba09f182f414035c3f92ac5f2253377150fa344c89a4756267f887ed124b1691d6534e04acbaf23876caac

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    cb4c442a26bb46671c638c794bf535af

    SHA1

    8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

    SHA256

    f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

    SHA512

    074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

    Download Submit

  • \ProgramData\emarwd.exe
    Filesize

    757KB

    MD5

    7e2254b7954a8218ebe24927dafd4157

    SHA1

    9fe490f399e3d9d029b47d1b14ef383a0d123ae7

    SHA256

    e0e03baa59c2964174ca2e6d02a524bd56187d045af276907c5e114532da999b

    SHA512

    4216220019f453bca5204064269432f1e54b87d46f8b3b1d5407be039363bcd2b9c08c1fa47a6adadab5167dc123aa9a94c5c82c549985fb9f785fd81b59a23c

    Download Submit

  • memory/2392-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2392-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2392-12-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/3044-131-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download