Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/08/2024, 19:19

General

  • Target

    19a1850231d971835763cdaf2229eaac17159c7430ab1c61e9e699f56f1eef84.exe

  • Size

    500KB

  • MD5

    761a2be0649379f9bfda1f63da2fa657

  • SHA1

    d8a0ea7fcc2eed52fd902c97f3a6bfd865f65d4c

  • SHA256

    19a1850231d971835763cdaf2229eaac17159c7430ab1c61e9e699f56f1eef84

  • SHA512

    f23cc19762de3d9512d9d3ec4f96ae265bd1400c40aaa82c50adc965d05d64612668f3eddf12603e49ef8328e2f09dc44e76e85f90a5061ec4ae8d6f044bac5b

  • SSDEEP

    12288:8WBm+95nHfF2mgewFx5rs2iDQLsmBkJs1kfgjdkA:8WBz95ndbgfx5rKngjT

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\19a1850231d971835763cdaf2229eaac17159c7430ab1c61e9e699f56f1eef84.exe
    "C:\Users\Admin\AppData\Local\Temp\19a1850231d971835763cdaf2229eaac17159c7430ab1c61e9e699f56f1eef84.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2716
    • C:\Users\Admin\AppData\Local\Temp\3968.tmp
      "C:\Users\Admin\AppData\Local\Temp\3968.tmp" --pingC:\Users\Admin\AppData\Local\Temp\19a1850231d971835763cdaf2229eaac17159c7430ab1c61e9e699f56f1eef84.exe 98F1A938AF42534C0D15655357F95FB95BFCF55DE843D489F2D74F101E651C6212F0B3A0AB789A3B1052E61871FA1B5C01F59EE035C7F315D21C2E27E6BF67CA
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      PID:2428

Network

MITRE ATT&CK Enterprise v15


Downloads

  • \Users\Admin\AppData\Local\Temp\3968.tmp

    Filesize

    500KB

    MD5

    430f9fbd17bc534002d70d1c27c3c014

    SHA1

    271f36f8a9bae4c9de6cfc43243dd923a57c09b8

    SHA256

    cca41032274845e7cbc0baee6364424d81540e85f5c25fcaf65a54b97ef4b07e

    SHA512

    2fca73bb2612fb772c19e3d552cfdefa229567a5629235ad929b05b4bf2eee3d8eb4d09421abecface1ffdf6f9d7264e52e4705932416d34e9c6d267906a66c9

  • memory/2428-9-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

  • memory/2428-10-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

  • memory/2716-0-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

  • memory/2716-4-0x0000000001EF0000-0x0000000001F76000-memory.dmp

    Filesize

    536KB

  • memory/2716-8-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB