Analysis
-
max time kernel
132s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
29/08/2024, 05:11
Static task
static1
Behavioral task
behavioral1
Sample
ee778d4170709b927fdc888c84af0e93f5dc9e7d46288d9b58b9ac8e0bae64ba.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
ee778d4170709b927fdc888c84af0e93f5dc9e7d46288d9b58b9ac8e0bae64ba.exe
Resource
win10v2004-20240802-en
General
-
Target
ee778d4170709b927fdc888c84af0e93f5dc9e7d46288d9b58b9ac8e0bae64ba.exe
-
Size
5.1MB
-
MD5
478d6886bb188a47255c4d56b88a407f
-
SHA1
e2753b8b4b665e7373a4faea2ba38793271a151c
-
SHA256
ee778d4170709b927fdc888c84af0e93f5dc9e7d46288d9b58b9ac8e0bae64ba
-
SHA512
92bfb675445b52bcbac52f3695d9e84245775bf53a4b49f720bd3d5466eb8c7f37bfcaab112f90c269408cd5f9d0c0b7260458a3caec4141e1037edafd39c9ef
-
SSDEEP
98304:EIZcB98hKgkvc8veTP+hU7oiOcQ1GwvZGVrlyKGEDC:YHx9vjKGEDC
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid Process 664 ee778d4170709b927fdc888c84af0e93f5dc9e7d46288d9b58b9ac8e0bae64ba.exe -
Program crash 1 IoCs
pid pid_target Process procid_target 3504 664 WerFault.exe 84 -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ee778d4170709b927fdc888c84af0e93f5dc9e7d46288d9b58b9ac8e0bae64ba.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 664 ee778d4170709b927fdc888c84af0e93f5dc9e7d46288d9b58b9ac8e0bae64ba.exe 664 ee778d4170709b927fdc888c84af0e93f5dc9e7d46288d9b58b9ac8e0bae64ba.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\ee778d4170709b927fdc888c84af0e93f5dc9e7d46288d9b58b9ac8e0bae64ba.exe"C:\Users\Admin\AppData\Local\Temp\ee778d4170709b927fdc888c84af0e93f5dc9e7d46288d9b58b9ac8e0bae64ba.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:664 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 9442⤵
- Program crash
PID:3504
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 664 -ip 6641⤵PID:3028
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.5MB
MD5298f5812023bab65ee23d13ee9489a6e
SHA171e9d7f205e5e7af6907c539c77a3aeea971692f
SHA256fe100d35b034c15ae3b74379f4eedd321c8e4b84fe666b54ee924ca2a8bdca6e
SHA512217258fb7728f61199f913fb98c894077c12a124e1596d1c6c7cfc065d4d2a6e1e03ad950c3321e2a8dcd997fb5c9524f98530db4bcb39f9914ecb5ff0e22dbd