Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/08/2024, 00:11 UTC

General

  • Target

    9db80d7a17839a504186eb72675d0610N.exe

  • Size

    3.9MB

  • MD5

    9db80d7a17839a504186eb72675d0610

  • SHA1

    1706e1497197bcc9e59dab4acc8a7b3d607d525a

  • SHA256

    46eb8209dd54aad593c8f0b7db8bb7ded6028bedfd60ace2561e05885b2bde10

  • SHA512

    4aaf017f24ec6aa9bb14b08a999234682d2bdf683f5435e721c55c2d9a78eaa36c1aee59f31922feff2b458211fc0b0c82a1e1e11865255679c8f92d71eb59a4

  • SSDEEP

    3072:ZowahJ0y5iDe02mtTBf6NNFyxXA+33333333333333333333333333333333333C:YP5CeEtTB8FyxX0

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9db80d7a17839a504186eb72675d0610N.exe
    "C:\Users\Admin\AppData\Local\Temp\9db80d7a17839a504186eb72675d0610N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:2104
  • C:\Program Files\Microsoft Explorer\svmssc.exe
    "C:\Program Files\Microsoft Explorer\svmssc.exe"
    1⤵
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:2392

Network

  • flag-us
    DNS
    0777163.com
    svmssc.exe
    Remote address:
    8.8.8.8:53
    Request
    0777163.com
    IN A
    Response
    No results found
  • 8.8.8.8:53
    0777163.com
    dns
    svmssc.exe
    57 B
    130 B
    1
    1

    DNS Request

    0777163.com

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\Microsoft Explorer\svmssc.exe

    Filesize

    18.3MB

    MD5

    a30da6980af06b8026a8e69977e1f2a1

    SHA1

    4a59c9765388cdc7fd4ad7f99b3b321eac2b2928

    SHA256

    974ae484e2b2e6510219262a78216cbcbe457674741935613064a058a344e49f

    SHA512

    3c0e08fadebea5d80c23cf8a8b5e8aac398ab0c0e6623c993ce541a69647db1659401b40585cc923c366d6d25e45b2b9c310c0d5d1e109b99d4b9a97ca99d826

  • C:\SystemTemp

    Filesize

    71B

    MD5

    501ee405233c8380a3337f715b52f236

    SHA1

    02428f67a123fdbb71cfe4b10db8686e4be24e80

    SHA256

    86a68180aff5c4a01d7c4c835c56e59f8bd7e51f5411ac48f80315beacaa8449

    SHA512

    6f39d482926027420429c39bee308e17002a65d19e54ee6d765b75b305631a4e1db78b3ee3b363e511d2f7fe4328d8738edcc55578be5476d3c8838b3831e99d
