882ac0ff8c123f60969bd941af1e42a0721d902e8372d2d1ba8ba3218d1e097b

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 17:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

882ac0ff8c123f60969bd941af1e42a0721d902e8372d2d1ba8ba3218d1e097b.exe
Size

11.1MB
MD5

e61c83c978d0c0bfd1c5ebd624c13f1b
SHA1

c87c0feafeb25174691c286218cfa17ea5b90091
SHA256

882ac0ff8c123f60969bd941af1e42a0721d902e8372d2d1ba8ba3218d1e097b
SHA512

bcae77d0a8d365e3e0c1b22c73dc44fc8b1c490cbffb9b6c5ff8bdb46a55163a87b2aa5992e76a571dc0ad44874dcca2f7db4d3754515856ad9bf2acf377cc1d
SSDEEP

196608:yaV6MgGPIvi0SriaCJvSqLg9PYOmKILZlzjgOS9T9BjViLDvM9csfCLTp6KyfKtM:3V6xviNriaC9SoOmKILrH4yvUcsqL8KI

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2268	882ac0ff8c123f60969bd941af1e42a0721d902e8372d2d1ba8ba3218d1e097b.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	882ac0ff8c123f60969bd941af1e42a0721d902e8372d2d1ba8ba3218d1e097b.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2268	882ac0ff8c123f60969bd941af1e42a0721d902e8372d2d1ba8ba3218d1e097b.exe

C:\Users\Admin\AppData\Local\Temp\882ac0ff8c123f60969bd941af1e42a0721d902e8372d2d1ba8ba3218d1e097b.exe
"C:\Users\Admin\AppData\Local\Temp\882ac0ff8c123f60969bd941af1e42a0721d902e8372d2d1ba8ba3218d1e097b.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\DmReg.dll

Filesize
52KB

MD5
fdc8b75a37017141831e3421479307be

SHA1
f6a08cc570d5e5bc4218da376ca353d46d62790d

SHA256
2a37ce301490bd4b7c5d02b768b054705fe4620db6ef81061718c1fe89c9f27e

SHA512
d74e2de28523317c928965affa464cef6ba5c4da9ab05d30a79a4d3bbb59284d68331b5735c705cf73e155cf3a42b01ef5cd7219c72c242eed6b711090066537

Download Submit
memory/2268-14-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2268-50-0x00000000010C2000-0x0000000001886000-memory.dmp

Filesize
7.8MB

Download
memory/2268-38-0x00000000010C2000-0x0000000001886000-memory.dmp

Filesize
7.8MB

Download
memory/2268-39-0x0000000000D90000-0x00000000023AD000-memory.dmp

Filesize
22.1MB

Download
memory/2268-29-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/2268-27-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/2268-24-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2268-34-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/2268-22-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2268-19-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2268-17-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2268-35-0x0000000000D90000-0x00000000023AD000-memory.dmp

Filesize
22.1MB

Download
memory/2268-32-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/2268-9-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2268-12-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2268-7-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2268-5-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2268-4-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2268-2-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2268-0-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2268-46-0x0000000004180000-0x000000000433B000-memory.dmp

Filesize
1.7MB

Download
memory/2268-10-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2268-51-0x0000000000D90000-0x00000000023AD000-memory.dmp

Filesize
22.1MB

Download
memory/2268-52-0x0000000000D90000-0x00000000023AD000-memory.dmp

Filesize
22.1MB

Download
memory/2268-53-0x00000000010C2000-0x0000000001886000-memory.dmp

Filesize
7.8MB

Download