a2703d477301bfc6d810b5882314e786127a05cf0de1032b5b6098daf1447c41

Analysis

max time kernel
102s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-08-2024 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ee08e8c830b6885eaecadb3dd6a0b190N.exe
Size

9.8MB
MD5

ee08e8c830b6885eaecadb3dd6a0b190
SHA1

7b4641bcdf8df566905baceddba7b83c7a6836de
SHA256

a2703d477301bfc6d810b5882314e786127a05cf0de1032b5b6098daf1447c41
SHA512

1592e1b8a9cd6090979a152af2e936f8d4b36e4ec8398ece2b6e7cdfea94716a6d08c39e3081855e39b9d836598bc28c83061a7662db12a85fff36031ffad1e6
SSDEEP

98304:2ssssssssssssssssssssssssssssssss1WWWWWWWWWWWWWWWWM:n

Score

7^/10

discovery upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3260	svrwsc.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2812-0-0x0000000000400000-0x000000000042B000-memory.dmp	upx
behavioral2/files/0x00080000000234c6-4.dat	upx

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\svrwsc.exe	ee08e8c830b6885eaecadb3dd6a0b190N.exe
File created	C:\Windows\SysWOW64\svrwsc.exe	svrwsc.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ee08e8c830b6885eaecadb3dd6a0b190N.exe

C:\Users\Admin\AppData\Local\Temp\ee08e8c830b6885eaecadb3dd6a0b190N.exe
"C:\Users\Admin\AppData\Local\Temp\ee08e8c830b6885eaecadb3dd6a0b190N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:2812

C:\Windows\SysWOW64\svrwsc.exe
C:\Windows\SysWOW64\svrwsc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:3260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\svrwsc.exe

Filesize
10.1MB

MD5
84b2877db3d2f6f01416e9db6a1b6bbb

SHA1
3c180644af652534b71aa923dcd0ac5ff8a0270b

SHA256
93ed82242193ab4454790fde018ef8c32170f6aac348b720830ef59edab230b7

SHA512
d96248a86625321a19b2baaaaa67b9711365a82d4df34667311e2f2795c15b40928d737098d5ae7780d3d4f519190a6e387bcb6bb6fbc51461fd78e460c689b5

Download Submit
memory/2812-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2812-2-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2812-1-0x0000000000401000-0x0000000000402000-memory.dmp

Filesize
4KB

Download
memory/2812-8-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3260-6-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download