Overview

overview

8

Static

static

3

f61a96c699...0N.exe

windows7-x64

8

f61a96c699...0N.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    15s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    23-08-2024 07:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f61a96c699b217ecd4f8aad6fec54e10N.exe

  • Size

    139KB

  • MD5

    f61a96c699b217ecd4f8aad6fec54e10

  • SHA1

    0978f4becfdc96fa331fbe04ecf851f3bdb5f85a

  • SHA256

    2de55f60d3815a84a49ca77e377539cb2c13d23be6a873b5d3897f60c5e81e5b

  • SHA512

    6de0a1ddac15591dadc2b1c2ea1d7240ea9709244d4951004916697aeb32ca49db9a47b14447c39afa1444c23d0032b5d64efcb90dc819fdb9be60455a0c90f5

  • SSDEEP

    1536:rC2/fYuPfbESFYXRWhpKRycRd57JkIqFHhzm4hWru/BzihhMN45MF5FvHP132xPT:r7YubEwYXRWhpAJUHhzm4hUukS6Kmecl

Score
8/10
discoveryevasionexecution

Malware Config

Signatures

  • Stops running service(s) 4 TTPs
    evasionexecution
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 3 IoCs
  • Launches sc.exe 4 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f61a96c699b217ecd4f8aad6fec54e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\f61a96c699b217ecd4f8aad6fec54e10N.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Windows\SysWOW64\sc.exe
      C:\Windows\system32\sc.exe stop SharedAccess
      2⤵
      • Launches sc.exe
      • System Location Discovery: System Language Discovery
      PID:2088
    • C:\Windows\SysWOW64\sc.exe
      C:\Windows\system32\sc.exe stop wscsvc
      2⤵
      • Launches sc.exe
      • System Location Discovery: System Language Discovery
      PID:2112
    • C:\Windows\SysWOW64\1230\smss.exe
      C:\Windows\system32\1230\smss.exe -d
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2536
      • C:\Windows\SysWOW64\sc.exe
        C:\Windows\system32\sc.exe stop SharedAccess
        3⤵
        • Launches sc.exe
        • System Location Discovery: System Language Discovery
        PID:3032
      • C:\Windows\SysWOW64\sc.exe
        C:\Windows\system32\sc.exe stop wscsvc
        3⤵
        • Launches sc.exe
        • System Location Discovery: System Language Discovery
        PID:3028

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\1230\smss.exe
    Filesize

    139KB

    MD5

    887fcc4dfddd020bdf4904253c740649

    SHA1

    90e9c4f964b84ba2c01c2028571edeeabba1a677

    SHA256

    8358ee5501863b6170322adcb8dbb034261751331beda2fc9e83619bab44e3fd

    SHA512

    c69cb76d2f051645e1a2639cc786b3efa62f1ca159432dc171422fbfb8e2f91b35f8f5a841014b486d27935b97dc9d55ed155982a9a24efa7b155ea2ffc52004

    Download Submit