601490f2ce7df4947f203f54ef2eae41594283db6ba423659e535d1c4dc51017

Analysis

max time kernel
114s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 12:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c66fab8369cc0d8bf37645d198aa3aa0N.exe
Size

3.6MB
MD5

c66fab8369cc0d8bf37645d198aa3aa0
SHA1

bcec2481eb1300eb74fcd259ed793d65ead189d1
SHA256

601490f2ce7df4947f203f54ef2eae41594283db6ba423659e535d1c4dc51017
SHA512

648c4aff78acbbec91d1387eb8bc99cfe46a35161871212f4b18cdc6f1e8bb2ea6af55bdc888ddd8d79b9e825986c1a815606eaac3c42a251f0e0db7835513a2
SSDEEP

49152:vg+JfU2JByXienplE06QknMwGUTVm8jfeOCsLFVprJUcVfRTBxG:v9Q0n8i8dtYPprrR

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1732	c66fab8369cc0d8bf37645d198aa3aa0N.exe
1732	c66fab8369cc0d8bf37645d198aa3aa0N.exe
1732	c66fab8369cc0d8bf37645d198aa3aa0N.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4832	1732	WerFault.exe	90

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c66fab8369cc0d8bf37645d198aa3aa0N.exe

C:\Users\Admin\AppData\Local\Temp\c66fab8369cc0d8bf37645d198aa3aa0N.exe
"C:\Users\Admin\AppData\Local\Temp\c66fab8369cc0d8bf37645d198aa3aa0N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1732
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 1508
  2⤵
  - Program crash
  PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1732 -ip 1732
1⤵
PID:2892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4188,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=4112 /prefetch:8
1⤵
PID:1228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{408ac47a-57d5-43ee-9952-ace5c74bf9f4}\System.Data.SQLite.dll

Filesize
718KB

MD5
ecb03d44a01ce72350c80b7e38693ca8

SHA1
5516d01213556d02ee7b143b0caffb71b66b1d87

SHA256
eb193171d1574447d32b1150da40e186f8e34d0f1c75a32a90459d5596ac74b2

SHA512
e2f1c8864b0cb1827a04047aae8399dc0bebf91d51ccd67b03898e1e81072bee3341a064596947964522417fc56a2763c4c296ad3bd970a6b6b279abda03e030

Download Submit
memory/1732-6-0x0000000006550000-0x00000000065EC000-memory.dmp

Filesize
624KB

Download
memory/1732-2-0x0000000005370000-0x00000000053F4000-memory.dmp

Filesize
528KB

Download
memory/1732-3-0x0000000005500000-0x0000000005538000-memory.dmp

Filesize
224KB

Download
memory/1732-4-0x0000000074600000-0x0000000074DB0000-memory.dmp

Filesize
7.7MB

Download
memory/1732-5-0x00000000056C0000-0x00000000057F4000-memory.dmp

Filesize
1.2MB

Download
memory/1732-0-0x000000007460E000-0x000000007460F000-memory.dmp

Filesize
4KB

Download
memory/1732-7-0x00000000065F0000-0x00000000066A7000-memory.dmp

Filesize
732KB

Download
memory/1732-1-0x0000000000750000-0x0000000000AEA000-memory.dmp

Filesize
3.6MB

Download
memory/1732-13-0x00000000066B0000-0x0000000006767000-memory.dmp

Filesize
732KB

Download
memory/1732-26-0x0000000006860000-0x0000000006BB4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-27-0x0000000006BC0000-0x0000000006C52000-memory.dmp

Filesize
584KB

Download
memory/1732-28-0x0000000074600000-0x0000000074DB0000-memory.dmp

Filesize
7.7MB

Download