147e98ff6924c6360558581211eb0ff5eba41620a54ff4ab8bf2d07d5785832a

Analysis

max time kernel
134s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 08:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

147e98ff6924c6360558581211eb0ff5eba41620a54ff4ab8bf2d07d5785832a.exe
Size

5.3MB
MD5

e27d1953bcae0cf004b9c22dd5793479
SHA1

23f6f4bcc21c51b02313f069bb32d7dbe6db3c10
SHA256

147e98ff6924c6360558581211eb0ff5eba41620a54ff4ab8bf2d07d5785832a
SHA512

9ad9f6fdf76267cada279784e8e5c360db33b85167ef163576de66e559797800aea9ae32fa756c2a944c19cc3fadec420dba027f2fad4fae8b6255070d4da56c
SSDEEP

98304:tcdJhneoPrQKGc4E9PjKjT5QZvG0NDxx0AJBAUZLF:tcR9rnXe8G0N9xhJVJ

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3196	147e98ff6924c6360558581211eb0ff5eba41620a54ff4ab8bf2d07d5785832a.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5088	3196	WerFault.exe	83

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	147e98ff6924c6360558581211eb0ff5eba41620a54ff4ab8bf2d07d5785832a.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3196	147e98ff6924c6360558581211eb0ff5eba41620a54ff4ab8bf2d07d5785832a.exe
3196	147e98ff6924c6360558581211eb0ff5eba41620a54ff4ab8bf2d07d5785832a.exe

C:\Users\Admin\AppData\Local\Temp\147e98ff6924c6360558581211eb0ff5eba41620a54ff4ab8bf2d07d5785832a.exe
"C:\Users\Admin\AppData\Local\Temp\147e98ff6924c6360558581211eb0ff5eba41620a54ff4ab8bf2d07d5785832a.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3196
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 1016
  2⤵
  - Program crash
  PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3196 -ip 3196
1⤵
PID:4944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\HPSocket4C.dll

Filesize
2.8MB

MD5
4c8066482756bd927aff4cf1df9aa5a6

SHA1
9830f4bbf827c3b0179a94e70d275dbf819fdfc6

SHA256
72f2ab23ff9895118114d16faddd1b59b8d6d9a9a2f6792290671b6c21ed704f

SHA512
40531913516c9c684b5c1f1508f39498d1a89aec07774965926ef5f563ead9d3c00cb218f3f7e9febd0e773cbd2c35559eb2e1732f8a8e798691989e565123c6

Download Submit