Analysis
-
max time kernel
102s -
max time network
103s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
25/08/2024, 06:56
Static task
static1
Behavioral task
behavioral1
Sample
7a71f59d2ca32497a08d0cf9f05790d0N.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
7a71f59d2ca32497a08d0cf9f05790d0N.exe
Resource
win10v2004-20240802-en
General
-
Target
7a71f59d2ca32497a08d0cf9f05790d0N.exe
-
Size
1.4MB
-
MD5
7a71f59d2ca32497a08d0cf9f05790d0
-
SHA1
2f274237030fbc41a94caa92c218e604b4215b4b
-
SHA256
547c316e16556fca838a6cc40bfe9b3906e5301a69b0f577946e031564ee59be
-
SHA512
ea607b8c1942f2729d268b64ac758be52677407cc4310a7b03d843fc9ccfab9caf983dd08c79762566cf949afe05ba0702fd47e3236173ab72eab7e48074bfcc
-
SSDEEP
24576:v507EhRrX6eiWQ8G4qLfaTI7qJDlF8KqdjY4VzXIW1TLGdnaoXMRMQf:h0Eip85MfaTImb0EQzXn1yaSIMk
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7a71f59d2ca32497a08d0cf9f05790d0N.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1808 javaw.exe 1808 javaw.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 4976 wrote to memory of 1808 4976 7a71f59d2ca32497a08d0cf9f05790d0N.exe 84 PID 4976 wrote to memory of 1808 4976 7a71f59d2ca32497a08d0cf9f05790d0N.exe 84
Processes
-
C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe"C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4976 -
C:\Program Files\Java\jre-1.8\bin\javaw.exe"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe"2⤵
- Suspicious use of SetWindowsHookEx
PID:1808
-