0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26-08-2024 16:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe
Size

7.0MB
MD5

14462f8ec7a645f19b10247328c22ec7
SHA1

6f43200e64a2ce622f0aedd77375bc2354392cad
SHA256

0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861
SHA512

86f1f7f57f3950923b39da1d2c2231b8ef28268b7c37a5352a2c8329636bc4ddc5013a750674f64572879496764eea8ed4fc2e650b86a72378caae4e4710b2dd
SSDEEP

196608:rHDQahBiIbZg4T4hac7p6eDcGRY9iTfh/7/Nv6Bj:rHD5h1behacQeHwibh/71vW

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 9 IoCs

Processes:

0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe

pid	Process
1252	0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe
1252	0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe
1252	0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe
1252	0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe
1252	0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe
1252	0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe
1252	0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe
1252	0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe
1252	0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe

description	pid	Process	procid_target
PID 2844 wrote to memory of 1252	2844	0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe	84
PID 2844 wrote to memory of 1252	2844	0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe	84
PID 2844 wrote to memory of 1252	2844	0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe	84
PID 1252 wrote to memory of 4296	1252	0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe	88
PID 1252 wrote to memory of 4296	1252	0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe	88
PID 1252 wrote to memory of 4296	1252	0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe	88

C:\Users\Admin\AppData\Local\Temp\0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe
"C:\Users\Admin\AppData\Local\Temp\0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Users\Admin\AppData\Local\Temp\0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe
  "C:\Users\Admin\AppData\Local\Temp\0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1252
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
    C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe
    3⤵
    PID:4296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI28442\VCRUNTIME140.dll

Filesize
74KB

MD5
afa8fb684eded0d4ca6aa03aebea446f

SHA1
98bbb8543d4b3fbecebb952037adb0f9869a63a5

SHA256
44de8d0dc9994bff357344c44f12e8bfff8150442f7ca313298b98e6c23a588e

SHA512
6669eec07269002c881467d4f4af82e5510928ea32ce79a7b1f51a71ba9567e8d99605c5bc86f940a7b70231d70638aeb2f6c2397ef197bd4c28f5e9fad40312

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28442\_ctypes.pyd

Filesize
114KB

MD5
21e301d58c481660af1efdebc4ad63fe

SHA1
ec10719afcbd6317355bbe0de04beb3d5c067651

SHA256
003429b4e119dc08798aada64c13002b210507291afae8cace5eb0032754e78e

SHA512
fe06fcb3f6f3f76b7de0ea92ea4fb286c6f8643cbe0f34a9df9b354434aabe3941a3bf2028f3a2e61183f4c39ee2f80ec5dfdcd9854416423142142508a71493

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28442\_hashlib.pyd

Filesize
51KB

MD5
306337b62fac65f80cdff7ecde572134

SHA1
97bdbab0792ee3f601a49a5cc8c5659cacbbd412

SHA256
b8a52b9347b2892e4309b4e7386e425a386a7ec3ab0437fa3ac9e3adf3d12d0e

SHA512
64519625158d0fa1bae8e46bc70bebebcf917a1f48ce2062c21c950c5a007ea2863d5d3c126d2b7ee0dae445b8f9a09901bf9b7564c4083cb51788a1c320c926

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28442\_socket.pyd

Filesize
69KB

MD5
2df573607b053e4d8ba0eba9be96541c

SHA1
d41b40c468898c9a2e4d6be434c7eea57724b546

SHA256
a591d3054c741496889e1a427516d8aab89bb94636b96467213fa6449df9eb26

SHA512
21fb191b49092abf5bc0ab029fdff0a63b7b77ed4edbf13b0c74eb8d3e5a9ebd5ba8314c0f8293ad5c922c5ad0849a23d1fa05e1c6e3104c23aab85dcd095e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28442\_uuid.pyd

Filesize
20KB

MD5
57d1ce47beec7887052b7f483af087ad

SHA1
5700079af8e2935a15f43f83acf0c599b8d5b549

SHA256
06530260df043ed6515ffdb371f797b7c2cc5e824b848a341f40691cead64ebe

SHA512
7aa94e5b6664c767da054fbacb19a6386007d83db0659dd9c62fc17d3aadc2855e5421f9bf15b7b8a01e6bc93bd6ef1c9d425246f1431bda141e066bc20236f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28442\base_library.zip

Filesize
781KB

MD5
d214306a963d6db9dbe73c65d9b7c23e

SHA1
e42d3786f3ecf2cffee2ca2b7821973630431231

SHA256
5dd6afe3439d4eb8673de441ed980825919110abc2b1360c7a02a3cc365fcca8

SHA512
76601a39f1e84eaf3257a4989a45b6e2ee8492788239bb8f42729bfdbfbd3a50949295fd459ee4d9649fd16c3815740d7bf8152c4b707432a2a480ced711473c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28442\libcrypto-1_1.dll

Filesize
2.2MB

MD5
31c2130f39942ac41f99c77273969cd7

SHA1
540edcfcfa75d0769c94877b451f5d0133b1826c

SHA256
dd55258272eeb8f2b91a85082887463d0596e992614213730000b2dbc164bcad

SHA512
cb4e0b90ea86076bd5c904b46f6389d0fd4afffe0bd3a903c7ff0338c542797063870498e674f86d58764cdbb73b444d1df4b4aa64f69f99b224e86ddaf74bb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28442\libffi-7.dll

Filesize
28KB

MD5
bc20614744ebf4c2b8acd28d1fe54174

SHA1
665c0acc404e13a69800fae94efd69a41bdda901

SHA256
0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57

SHA512
0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28442\python39.dll

Filesize
4.3MB

MD5
84741db3367d6998108d22e03eaf2a71

SHA1
6564ab918223d0074dfbf9bc5d062fd3a2003079

SHA256
3e0c22d1451c3f3578850990f54916eb276bb45b951649d6478523566dfa8059

SHA512
1a6aa94ec97df73b23b0d5079bafa92c13f9786f5c488046e95804f4701baeecb1beb9fd96824a6009355321adb7319ac643af40ff0c6b01733050dab2b648c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28442\select.pyd

Filesize
24KB

MD5
e2642d30be324bd86d711ada36797b85

SHA1
c474699a4853f0157708901213d3165530c45a69

SHA256
bb87be114067ab856067dbe74ba421c21cb0f36ad1960af0f5d61bda2e753fa2

SHA512
b2bb79f229d86e74d04bae5ef4813909afeaac530ce71f384c2ce1e1c690d792b413255c35e97b0ef9ff72c68d779dc044a03646d35777a40f1a427eafc14666

Download Submit