Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system
  • submitted
    25/08/2024, 08:38 UTC

General

  • Target

    4722dd6ceff105a579d67e63f5402660N.exe

  • Size

    256KB

  • MD5

    4722dd6ceff105a579d67e63f5402660

  • SHA1

    b92f8c72ef084be7cca1328d2a09cb2200a0c3e1

  • SHA256

    6b47be6b825c54b9d01b3a283b96a752df3cd26ee856d3971911153902925fbd

  • SHA512

    69585e8924fb9bd29e6a275d1afd368865a36dfb6acfc8f09b1532fba3aa5d31b895037cac99bdd88b096535f6b2107e3bba9efa578c4ebc16ee9ce6aebb3568

  • SSDEEP

    6144:DcHDq7bXdhavxdjUccBucIgQfieWdDJboY4sJ8:DcHOLYxFUZRI9fie6D9d8

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4722dd6ceff105a579d67e63f5402660N.exe
    "C:\Users\Admin\AppData\Local\Temp\4722dd6ceff105a579d67e63f5402660N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2636
    • C:\Users\Admin\AppData\Local\Temp\4722dd6ceff105a579d67e63f5402660N.exe
      C:\Users\Admin\AppData\Local\Temp\4722dd6ceff105a579d67e63f5402660N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of UnmapMainImage
      PID:2796

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\4722dd6ceff105a579d67e63f5402660N.exe

    Filesize

    256KB

    MD5

    d713c0b6a8ae0d668419c933e95e5eef

    SHA1

    3cf08837a1298c80581a833211c28637dcc7faa4

    SHA256

    07a9bc02d26d0536655872b88e8af33d802634b998cf709d2d1ea45cc6d61421

    SHA512

    cf5c2cf799db78f272a0ad5ede3c14858461cd1306269f6f9edd20f0f6c0230976b03ebed8673e329afa67ebab1fb1ab13c54501cce9907e2a5071b554906ea5

  • memory/2636-0-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

  • memory/2636-6-0x0000000000130000-0x0000000000166000-memory.dmp

    Filesize

    216KB

  • memory/2636-10-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

  • memory/2796-11-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

  • memory/2796-16-0x0000000000130000-0x0000000000166000-memory.dmp

    Filesize

    216KB

  • memory/2796-17-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB
