46eb8209dd54aad593c8f0b7db8bb7ded6028bedfd60ace2561e05885b2bde10

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 00:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9db80d7a17839a504186eb72675d0610N.exe
Size

3.9MB
MD5

9db80d7a17839a504186eb72675d0610
SHA1

1706e1497197bcc9e59dab4acc8a7b3d607d525a
SHA256

46eb8209dd54aad593c8f0b7db8bb7ded6028bedfd60ace2561e05885b2bde10
SHA512

4aaf017f24ec6aa9bb14b08a999234682d2bdf683f5435e721c55c2d9a78eaa36c1aee59f31922feff2b458211fc0b0c82a1e1e11865255679c8f92d71eb59a4
SSDEEP

3072:ZowahJ0y5iDe02mtTBf6NNFyxXA+33333333333333333333333333333333333C:YP5CeEtTB8FyxX0

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2392	svmssc.exe

Executes dropped EXE 1 IoCs

pid	Process
2392	svmssc.exe

Loads dropped DLL 3 IoCs

pid	Process
2392	svmssc.exe
2392	svmssc.exe
2392	svmssc.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Explorer\svmssc.exe	9db80d7a17839a504186eb72675d0610N.exe
File opened for modification	C:\Program Files\Microsoft Explorer	9db80d7a17839a504186eb72675d0610N.exe
File created	C:\Program Files\Microsoft Explorer\svmssc.exe	9db80d7a17839a504186eb72675d0610N.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9db80d7a17839a504186eb72675d0610N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svmssc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2104	9db80d7a17839a504186eb72675d0610N.exe
2392	svmssc.exe

C:\Users\Admin\AppData\Local\Temp\9db80d7a17839a504186eb72675d0610N.exe
"C:\Users\Admin\AppData\Local\Temp\9db80d7a17839a504186eb72675d0610N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Program Files\Microsoft Explorer\svmssc.exe
"C:\Program Files\Microsoft Explorer\svmssc.exe"
1⤵
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Explorer\svmssc.exe

Filesize
18.3MB

MD5
a30da6980af06b8026a8e69977e1f2a1

SHA1
4a59c9765388cdc7fd4ad7f99b3b321eac2b2928

SHA256
974ae484e2b2e6510219262a78216cbcbe457674741935613064a058a344e49f

SHA512
3c0e08fadebea5d80c23cf8a8b5e8aac398ab0c0e6623c993ce541a69647db1659401b40585cc923c366d6d25e45b2b9c310c0d5d1e109b99d4b9a97ca99d826

Download Submit
C:\SystemTemp

Filesize
71B

MD5
501ee405233c8380a3337f715b52f236

SHA1
02428f67a123fdbb71cfe4b10db8686e4be24e80

SHA256
86a68180aff5c4a01d7c4c835c56e59f8bd7e51f5411ac48f80315beacaa8449

SHA512
6f39d482926027420429c39bee308e17002a65d19e54ee6d765b75b305631a4e1db78b3ee3b363e511d2f7fe4328d8738edcc55578be5476d3c8838b3831e99d

Download Submit