Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/08/2024, 09:35

General

  • Target

    $_3_.exe

  • Size

    1.8MB

  • MD5

    77bfacca17ee1d89833b57f3a746d9a0

  • SHA1

    aa9490c913489c5eafd02f67f875efcb56d23036

  • SHA256

    38571b0965110d07c6fbf4813ab628d4017cf52c681c457fb3f184b644fb0b52

  • SHA512

    21ecc2fce94a58cd39127964730b01722b9dafa20d3af65b023fe83188c08211ba1324849513ffc10b6a359737f98c4d06770dc1954f8880daff938a06581e6f

  • SSDEEP

    49152:/SNY8H0ZGF5j51XdQTPRPgojx1NslvUOl/WkMWAH:oY00Z8F1XdUL

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$_3_.exe
    "C:\Users\Admin\AppData\Local\Temp\$_3_.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2536
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\21418.bat" "C:\Users\Admin\AppData\Local\Temp\E2DA58CC4D534A7E8CDFA5BBC2B03CEF\""
      2⤵
      • System Location Discovery: System Language Discovery
      PID:352

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\21418.bat

    Filesize

    214B

    MD5

    739fcc7ba42b209fe44bea47e7a8c48f

    SHA1

    bc7a448a7c018133edcf012bc94301623eb42c5b

    SHA256

    69017cdbbe68396f45e41d211b22d800cc1afc0eadbd3440873038585020315c

    SHA512

    2b2b130798b0f4e534626b9fb5deaa10bb1930e6700ac0ba7cf151c1bf3239039a7032ea67ceed86a4a4dbe981064c42a8e0f88fe8361e27002dd8ceb0ea767a

  • C:\Users\Admin\AppData\Local\Temp\E2DA58CC4D534A7E8CDFA5BBC2B03CEF\E2DA58CC4D534A7E8CDFA5BBC2B03CEF_LogFile.txt

    Filesize

    9KB

    MD5

    7eca8d501b76136dc225b7abefeee71d

    SHA1

    2275684e9fd3cbb616c15475a8b36c594e80e7c7

    SHA256

    7d5ba1a7e013f87e163ded99841cac8675938a4a0773e3367dfc51b8fdbdda32

    SHA512

    737f58572eca89cb27532c276b1df8429feaa9c48a185bbecfa79e29c1f20ac1d037b87f51744cabd6e794db937bfe4de53afdfaa02d4950f458251048a84d01

  • C:\Users\Admin\AppData\Local\Temp\E2DA58CC4D534A7E8CDFA5BBC2B03CEF\E2DA58~1.TXT

    Filesize

    118KB

    MD5

    e601af37807d546eee4dd3119284cbdc

    SHA1

    9a20ff25c4c9da753d86ebb8d4f30c0e427d003a

    SHA256

    fa88d98f040461e359972962a8d4d149ca6c8a4c0044df3a6446b3d57f4e2813

    SHA512

    4634839e7582ca3c8e89dc01d95318b491a8d746779e33ae361014e2cf40c6c6549ccd8bef9ccca8ecb786eb0f906de3d27fd2bbd637467adb3997bee70b9deb

  • memory/2536-63-0x00000000003B0000-0x00000000003B1000-memory.dmp

    Filesize

    4KB
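
An added triage helper, not part of the sandbox report and not code from the sandbox vendor or from the sample: it re-computes the digests the Downloads section lists for a dropped artifact recovered from a host, rejects malformed hash strings before comparing them, and pulls the quoted paths out of a cmd.exe command line like the one in the Processes tree. The REPORTED table is copied from the 21418.bat entry above; the function names (digests, verify, verify_file, quoted_paths) and any sample bytes used to exercise them are assumptions introduced here.

```python
import hashlib
import re
from typing import Dict, List

# Reported values for the dropped batch file, copied from the Downloads section above.
REPORTED: Dict[str, dict] = {
    r"C:\Users\Admin\AppData\Local\Temp\21418.bat": {
        "size": 214,
        "md5": "739fcc7ba42b209fe44bea47e7a8c48f",
        "sha1": "bc7a448a7c018133edcf012bc94301623eb42c5b",
        "sha256": "69017cdbbe68396f45e41d211b22d800cc1afc0eadbd3440873038585020315c",
        "sha512": "2b2b130798b0f4e534626b9fb5deaa10bb1930e6700ac0ba7cf151c1bf3239039a7032ea67ceed86a4a4dbe981064c42a8e0f88fe8361e27002dd8ceb0ea767a",
    },
}

# Expected hex length of each digest the report lists; a value of the wrong
# length or with non-hex characters is a copy error, not a legitimate hash.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def digests(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists for an in-memory artifact."""
    return {name: hashlib.new(name, data).hexdigest() for name in HEX_LEN}


def verify(data: bytes, expected: dict) -> Dict[str, bool]:
    """Compare recovered bytes against a reported entry.

    Returns {field: matched} for every field in `expected` that we know how to
    check ("size" plus the four digests). Malformed digest strings count as a
    mismatch rather than raising, so a whole report can be checked in one pass.
    """
    actual = digests(data)
    result: Dict[str, bool] = {}
    for field, value in expected.items():
        if field == "size":
            result["size"] = len(data) == int(value)
            continue
        if field not in HEX_LEN:
            continue  # e.g. ssdeep: not a fixed-length hex digest, skipped here
        v = str(value).strip().lower()
        if len(v) != HEX_LEN[field] or not re.fullmatch(r"[0-9a-f]+", v):
            result[field] = False
        else:
            result[field] = v == actual[field]
    return result


def verify_file(path: str, expected: dict) -> Dict[str, bool]:
    """Same as verify(), reading the artifact from disk (assumed helper)."""
    with open(path, "rb") as fh:
        return verify(fh.read(), expected)


def quoted_paths(cmdline: str) -> List[str]:
    """Extract double-quoted absolute Windows paths from a cmd.exe command line.

    The process tree shows cmd /c wrapping the whole argument in an extra pair
    of quotes; only quoted tokens that start with a drive letter are returned,
    so the outer empty "" pair is ignored.
    """
    return re.findall(r'"([A-Za-z]:\\[^"]*)"', cmdline)


if __name__ == "__main__":
    # Command line copied from the Processes tree above.
    cmd = (r'cmd /c ""C:\Users\Admin\AppData\Local\Temp\21418.bat" '
           r'"C:\Users\Admin\AppData\Local\Temp\E2DA58CC4D534A7E8CDFA5BBC2B03CEF\""')
    for p in quoted_paths(cmd):
        print("path referenced by cmd.exe:", p)
    # Point this at a copy of 21418.bat recovered from a host to confirm it is
    # byte-identical to what the sandbox saw.
    # print(verify_file(r"C:\cases\21418.bat", REPORTED[list(REPORTED)[0]]))
```

A recovered file whose size matches but whose digests do not is worth a second look: the sandbox records the file as dropped at that moment, and a later run of the same dropper (different temp-directory GUID, different timestamp in the log file) can legitimately produce different bytes, while a mismatch on the batch file itself usually means a different build of the sample.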