Overview

overview

10

Static

static

3

8c781ac0de...0N.exe

windows7-x64

10

8c781ac0de...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    103s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-08-2024 00:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8c781ac0de45f671ab49a742cd28e8c0N.exe

  • Size

    2.9MB

  • MD5

    8c781ac0de45f671ab49a742cd28e8c0

  • SHA1

    16aebb88d5666725b21c71692d34ebce696e030c

  • SHA256

    7e3dd42c629597daed74592793f86bfef82a17c3ba9a31e41208f22acf148f44

  • SHA512

    931d63ee6e823611412ee4bb710ee0686233a9adc8a12fda0d598ae102f8f929c1ccb28209f8aa588b027152ced0e03ae57d30dcf3e9738e55bfc6d4190fd103

  • SSDEEP

    49152:XwREDDMTow9V3Faw4z0g3QghUTOO6gvdHeMxWrP+beY7UY714:XwREI5f3gDzJQgyTOO6gvdMwZgN

Score
7/10
discoveryexecution

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Command and Scripting Interpreter: AutoIT 1 TTPs 1 IoCs

    Using AutoIT for possible automate script.

    execution
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c781ac0de45f671ab49a742cd28e8c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8c781ac0de45f671ab49a742cd28e8c0N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4904
    • C:\Users\Admin\AppData\Local\Temp\is-CFA6H.tmp\8c781ac0de45f671ab49a742cd28e8c0N.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-CFA6H.tmp\8c781ac0de45f671ab49a742cd28e8c0N.tmp" /SL5="$502BA,2114521,845824,C:\Users\Admin\AppData\Local\Temp\8c781ac0de45f671ab49a742cd28e8c0N.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3836
      • C:\Users\Admin\AppData\Local\Temp\is-8OHO2.tmp\Autoit3.exe
        "C:\Users\Admin\AppData\Local\Temp\is-8OHO2.tmp\Autoit3.exe" C:\Users\Admin\AppData\Local\Temp\is-8OHO2.tmp\script.a3x
        3⤵
        • Executes dropped EXE
        • Command and Scripting Interpreter: AutoIT
        • System Location Discovery: System Language Discovery
        • Checks processor information in registry
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of WriteProcessMemory
        PID:1252
        • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
          "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
          4⤵
            PID:1428
          • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
            "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
            4⤵
              PID:4252
            • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
              "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
              4⤵
                PID:1668
              • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                4⤵
                  PID:5012
                • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                  "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                  4⤵
                    PID:368
                  • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                    "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                    4⤵
                      PID:1396
                    • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                      "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                      4⤵
                        PID:3608
                      • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                        "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                        4⤵
                          PID:2752
                        • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                          "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                          4⤵
                            PID:2336
                          • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                            "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                            4⤵
                              PID:1572
                            • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                              "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                              4⤵
                                PID:3692
                              • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                4⤵
                                  PID:4564
                                • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                  "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                  4⤵
                                    PID:2396
                                  • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                    "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                    4⤵
                                      PID:868
                                    • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                      "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                      4⤵
                                        PID:2724
                                      • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                        "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                        4⤵
                                          PID:3496
                                        • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                          "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                          4⤵
                                            PID:928
                                          • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                            "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                            4⤵
                                              PID:2556
                                            • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                              "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                              4⤵
                                                PID:2648
                                              • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                                "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                                4⤵
                                                  PID:1760
                                                • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                                  "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                                  4⤵
                                                    PID:2744
                                                  • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                                    "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                                    4⤵
                                                      PID:3132
                                                    • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                                      "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                                      4⤵
                                                        PID:648
                                                      • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                                        "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                                        4⤵
                                                          PID:4460
                                                        • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                                          "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                                          4⤵
                                                            PID:508
                                                          • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                                            "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                                            4⤵
                                                              PID:3376
                                                            • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                                              "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                                              4⤵
                                                                PID:1680
                                                              • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                                                "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                                                4⤵
                                                                  PID:944
                                                                • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                                                  "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                                                  4⤵
                                                                    PID:3148
                                                                  • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                                                    "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                                                    4⤵
                                                                      PID:632
                                                                    • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                                                      "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                                                      4⤵
                                                                        PID:4108
                                                                      • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                                                        "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                                                        4⤵
                                                                          PID:3960
                                                                        • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                                                          "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                                                          4⤵
                                                                            PID:2988
                                                                          • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                                                            "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                                                            4⤵
                                                                              PID:2716
                                                                            • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                                                              "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                                                              4⤵
                                                                                PID:3432
                                                                              • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                                                                "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                                                                4⤵
                                                                                  PID:4620
                                                                                • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                                                                  "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                                                                  4⤵
                                                                                    PID:2932
                                                                                  • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                                                                    "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                                                                    4⤵
                                                                                      PID:400
                                                                                    • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                                                                      "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                                                                      4⤵
                                                                                        PID:4816
                                                                                      • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
                                                                                        "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
                                                                                        4⤵
                                                                                          PID:2856

                                                                                  Network

                                                                                  MITRE ATT&CK Enterprise v15

                                                                                  Replay Monitor

                                                                                  Loading Replay Monitor...

                                                                                  Downloads

                                                                                  • C:\Users\Admin\AppData\Local\Temp\is-8OHO2.tmp\Autoit3.exe
                                                                                    Filesize

                                                                                    872KB

                                                                                    MD5

                                                                                    c56b5f0201a3b3de53e561fe76912bfd

                                                                                    SHA1

                                                                                    2a4062e10a5de813f5688221dbeb3f3ff33eb417

                                                                                    SHA256

                                                                                    237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

                                                                                    SHA512

                                                                                    195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Temp\is-8OHO2.tmp\script.a3x
                                                                                    Filesize

                                                                                    594KB

                                                                                    MD5

                                                                                    8a35cc6fae1aaeee57c5a46168c76fa6

                                                                                    SHA1

                                                                                    af8bf40b0721b4d150fbcf9a9b3e909a48c42856

                                                                                    SHA256

                                                                                    a204fab99a37fc02e926231c1a758afa4ce8204e139327c90cd89498cd3c3657

                                                                                    SHA512

                                                                                    a8b8c287e52a88df949ece6d3ea41335450b02e9ca4ad9ab929a4c7d14244f10de0a7da2a9b1e9dd5658a3bec6371690de43240f3d59369a3e2721dcaf4735fa

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Temp\is-CFA6H.tmp\8c781ac0de45f671ab49a742cd28e8c0N.tmp
                                                                                    Filesize

                                                                                    3.2MB

                                                                                    MD5

                                                                                    e587511f17c07622f2e88bde6dc2a499

                                                                                    SHA1

                                                                                    08899e43445db2e0d000b3afd80e028636786eeb

                                                                                    SHA256

                                                                                    9fbf0748b5d890c2c28b1ae20aad7fc23a93cc7a57c4a51220d9381af7637c60

                                                                                    SHA512

                                                                                    2e59d9c525c5383c4ea66c785584aa69256a47ffe928a6595cc2bf07469d2da4dd56dcd3d3d42496e593c39eec6356fc4c8a9cdeee6770c7e6c3319b8b614c6e

                                                                                    Download Submit

                                                                                  • memory/1252-14-0x0000000000F00000-0x0000000001300000-memory.dmp

                                                                                    Filesize

                                                                                    4.0MB

                                                                                    Download

                                                                                  • memory/3836-6-0x00000000019E0000-0x00000000019E1000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/3836-15-0x00000000019E0000-0x00000000019E1000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/3836-18-0x0000000000D80000-0x00000000010C3000-memory.dmp

                                                                                    Filesize

                                                                                    3.3MB

                                                                                    Download

                                                                                  • memory/4904-0-0x0000000000C00000-0x0000000000CDC000-memory.dmp

                                                                                    Filesize

                                                                                    880KB

                                                                                    Download

                                                                                  • memory/4904-2-0x0000000000C01000-0x0000000000CA9000-memory.dmp

                                                                                    Filesize

                                                                                    672KB

                                                                                    Download

                                                                                  • memory/4904-20-0x0000000000C00000-0x0000000000CDC000-memory.dmp

                                                                                    Filesize

                                                                                    880KB

                                                                                    Download