83323646ba45547cb37bcdf6b3fb61c84ed991d8e9da1e2f8543c31cfaac54a1

Analysis

max time kernel
79s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
22/08/2024, 18:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

73a9ded1bb16c2deae0530341554a4e0N.exe
Size

209KB
MD5

73a9ded1bb16c2deae0530341554a4e0
SHA1

e2ffca49f547df8f7059c1cfe5c589bb3deee4c2
SHA256

83323646ba45547cb37bcdf6b3fb61c84ed991d8e9da1e2f8543c31cfaac54a1
SHA512

42316e6ac6b1aa13d266909ae681504c0f3cd61b54a28be795e28925b41645d2b1110d7be13c7dceb9a1a23d6f7d5f468c39a2f2740e4c163771ed449af14ac6
SSDEEP

3072:TJzvlr/y2qnUgkkeZVplSTgcHesuNECcYvSb0pgNAidCwoElCuWefXZV+s:TJhsm/ZnsccHuNECcYvs06AidwEltfXp

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1704	73a9ded1bb16c2deae0530341554a4e0N.exe

Executes dropped EXE 1 IoCs

pid	Process
1704	73a9ded1bb16c2deae0530341554a4e0N.exe

Loads dropped DLL 1 IoCs

pid	Process
2536	73a9ded1bb16c2deae0530341554a4e0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	73a9ded1bb16c2deae0530341554a4e0N.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2536	73a9ded1bb16c2deae0530341554a4e0N.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
1704	73a9ded1bb16c2deae0530341554a4e0N.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 1704	2536	73a9ded1bb16c2deae0530341554a4e0N.exe	30
PID 2536 wrote to memory of 1704	2536	73a9ded1bb16c2deae0530341554a4e0N.exe	30
PID 2536 wrote to memory of 1704	2536	73a9ded1bb16c2deae0530341554a4e0N.exe	30
PID 2536 wrote to memory of 1704	2536	73a9ded1bb16c2deae0530341554a4e0N.exe	30

C:\Users\Admin\AppData\Local\Temp\73a9ded1bb16c2deae0530341554a4e0N.exe
"C:\Users\Admin\AppData\Local\Temp\73a9ded1bb16c2deae0530341554a4e0N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Users\Admin\AppData\Local\Temp\73a9ded1bb16c2deae0530341554a4e0N.exe
  C:\Users\Admin\AppData\Local\Temp\73a9ded1bb16c2deae0530341554a4e0N.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\73a9ded1bb16c2deae0530341554a4e0N.exe

Filesize
209KB

MD5
e82533ffb40706e7bcfbab1d936cdf1f

SHA1
66690b8d9c7ce9c1f809b7ca2ff6bc9342f78fa5

SHA256
37c85546049d1a2658187e3bf7e3586d0e04f8ebbef56a0b7c004a3e7d64f31f

SHA512
f0c3a2e94841be014129d4a61043111927044109ea05e5fc3a30c230f2a27ea21c6e2eec18e39abfedf5733bc82800cf063c678e08c2e0dca1d634f4718875ec

Download Submit
memory/1704-10-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1704-16-0x00000000001B0000-0x00000000001F0000-memory.dmp

Filesize
256KB

Download
memory/1704-11-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1704-17-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2536-0-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2536-8-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download