e093dacb75be02aee0a16734ea51516745b7ad3d763a883fc7cd7ea7b628e6c2

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
29-08-2024 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaeb5c2f0677f894599fa646ff16cec0N.exe
Size

274KB
MD5

eaeb5c2f0677f894599fa646ff16cec0
SHA1

f77790fbf4802887f18c0f59f36a509427e84d3c
SHA256

e093dacb75be02aee0a16734ea51516745b7ad3d763a883fc7cd7ea7b628e6c2
SHA512

75b6ada4ef3010fd966242bea26cdaca2cf2045b79a98105dbd89e32ce23872c0f099d59f388b6b676ea145b2904f50a5dcd96e4024f31cb89527cf0433abf4c
SSDEEP

6144:TzevND5hKqfWE4d1FzdlqpZtypIprdqYJslu0xfsLP:feDhXWld1Irvr4Xluufm

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2712	eaeb5c2f0677f894599fa646ff16cec0N.exe

Executes dropped EXE 1 IoCs

pid	Process
2712	eaeb5c2f0677f894599fa646ff16cec0N.exe

Loads dropped DLL 1 IoCs

pid	Process
2812	eaeb5c2f0677f894599fa646ff16cec0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eaeb5c2f0677f894599fa646ff16cec0N.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2812	eaeb5c2f0677f894599fa646ff16cec0N.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 2712	2812	eaeb5c2f0677f894599fa646ff16cec0N.exe	31
PID 2812 wrote to memory of 2712	2812	eaeb5c2f0677f894599fa646ff16cec0N.exe	31
PID 2812 wrote to memory of 2712	2812	eaeb5c2f0677f894599fa646ff16cec0N.exe	31
PID 2812 wrote to memory of 2712	2812	eaeb5c2f0677f894599fa646ff16cec0N.exe	31

C:\Users\Admin\AppData\Local\Temp\eaeb5c2f0677f894599fa646ff16cec0N.exe
"C:\Users\Admin\AppData\Local\Temp\eaeb5c2f0677f894599fa646ff16cec0N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Users\Admin\AppData\Local\Temp\eaeb5c2f0677f894599fa646ff16cec0N.exe
  C:\Users\Admin\AppData\Local\Temp\eaeb5c2f0677f894599fa646ff16cec0N.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\eaeb5c2f0677f894599fa646ff16cec0N.exe

Filesize
274KB

MD5
692da63c17b40b3eca415961c0049319

SHA1
988e22c08eaf910640f64dea9f512212de9a504a

SHA256
1e9014ea876c864772acb53b25057f4e9acdf750dcba5c378499f0ef31c5303f

SHA512
9a8b3108721c68de07d4fc5c98b2794b02ad3a22f31d14b6622a43c5235ac5b5468a547ee453ab3ff5987d289c971f197d5e7a339f8989371b4e38053d85e201

Download Submit
memory/2712-12-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2712-14-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2812-0-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2812-11-0x0000000000130000-0x0000000000182000-memory.dmp

Filesize
328KB

Download
memory/2812-10-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2812-9-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2812-15-0x0000000000130000-0x0000000000182000-memory.dmp

Filesize
328KB

Download