Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system -
submitted
22/08/2024, 18:45
Static task
static1
Behavioral task
behavioral1
Sample
077a4447e4dc73de0fdddb4416ad5550N.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
077a4447e4dc73de0fdddb4416ad5550N.exe
Resource
win10v2004-20240802-en
General
-
Target
077a4447e4dc73de0fdddb4416ad5550N.exe
-
Size
640KB
-
MD5
077a4447e4dc73de0fdddb4416ad5550
-
SHA1
73a05a38ed794a2f7bdac2e983304a0905fa25d3
-
SHA256
26874faa895d0bd4098f5ea1a70f8553072f7d87c374b074ec5377ceb26dce42
-
SHA512
f02836a81be3e453be0221f84a5f6c6f9e5a72ca575a0980655779b85a9fc5308dd754d93d8e1d60c59684ec9c40d3afe16a2b5e2090a08b0055a10e1f01e485
-
SSDEEP
12288:wmz1UU6cSJQq9lnWhVQ5zCD4TyWN9VysX7ryTk2osi9:wmzjgQ4lnWhVQ5zY4xN9VyUUkV19
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2892 077a4447e4dc73de0fdddb4416ad5550N.exe -
Executes dropped EXE 1 IoCs
pid Process 2892 077a4447e4dc73de0fdddb4416ad5550N.exe -
Loads dropped DLL 1 IoCs
pid Process 2852 077a4447e4dc73de0fdddb4416ad5550N.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 077a4447e4dc73de0fdddb4416ad5550N.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2852 077a4447e4dc73de0fdddb4416ad5550N.exe -
Suspicious use of UnmapMainImage 1 IoCs
pid Process 2892 077a4447e4dc73de0fdddb4416ad5550N.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2852 wrote to memory of 2892 2852 077a4447e4dc73de0fdddb4416ad5550N.exe 31
PID 2852 wrote to memory of 2892 2852 077a4447e4dc73de0fdddb4416ad5550N.exe 31
PID 2852 wrote to memory of 2892 2852 077a4447e4dc73de0fdddb4416ad5550N.exe 31
PID 2852 wrote to memory of 2892 2852 077a4447e4dc73de0fdddb4416ad5550N.exe 31
Processes
-
C:\Users\Admin\AppData\Local\Temp\077a4447e4dc73de0fdddb4416ad5550N.exe "C:\Users\Admin\AppData\Local\Temp\077a4447e4dc73de0fdddb4416ad5550N.exe" 1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2852 -
C:\Users\Admin\AppData\Local\Temp\077a4447e4dc73de0fdddb4416ad5550N.exe C:\Users\Admin\AppData\Local\Temp\077a4447e4dc73de0fdddb4416ad5550N.exe 2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2892
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
640KB
-
MD5
4d9979fa47f357622dc702e58ad8e791
-
SHA1
da37032a511d9b8209b31771813af72b46d42496
-
SHA256
2d6702b4d522311e67b3efdd949fbda097cae7b611361ec8e03f2c5e80c94838
-
SHA512
ae2e81098d964eef69bda3ed8e554f0630c9f23cf8168d7706ccdd855a217967bcea7a8f8009a87542140a4afa5eb266291030040c3bfb8ff5bbaea2d0a3477f