Analysis
-
max time kernel
140s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system -
submitted
31-08-2024 05:55
Static task
static1
Behavioral task
behavioral1
Sample
ecf1c18fd8e00059f7408f943e96f73aa08839601eec0bc2588fcb3e9c29d137.exe
Resource
win7-20240704-en
General
-
Target
ecf1c18fd8e00059f7408f943e96f73aa08839601eec0bc2588fcb3e9c29d137.exe
-
Size
415KB
-
MD5
c4cc29108ef8565e5251c56047586e20
-
SHA1
290a6b8d1d2b745d3a61be322ec9b729d5ba844d
-
SHA256
ecf1c18fd8e00059f7408f943e96f73aa08839601eec0bc2588fcb3e9c29d137
-
SHA512
ecdeaf0f4860bfd70ff9378485a3e952e9fb6eafca64c300b0cf24779357350814662f3648804021651a51f4fafd174a69dc796695c45f01c17efae89ca80477
-
SSDEEP
6144:pryyKsi2/CGBfHYTbILiniQCLZ4jekjEXL6cbr/mgppj3l3s1LOsoYYL2Ta0cI:pryyKsiWrLitCL0Or/VpprlkOsc8a9I
Malware Config
Signatures
-
Expiro payload 3 IoCs
Processes:
resource | yara_rule
behavioral2/memory/3240-0-0x000000000015B000-0x00000000001EE000-memory.dmp | family_expiro1
behavioral2/memory/3240-2-0x00000000000F0000-0x00000000001EE000-memory.dmp | family_expiro1
behavioral2/memory/3240-1-0x000000000015B000-0x00000000001EE000-memory.dmp | family_expiro1
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
ecf1c18fd8e00059f7408f943e96f73aa08839601eec0bc2588fcb3e9c29d137.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | ecf1c18fd8e00059f7408f943e96f73aa08839601eec0bc2588fcb3e9c29d137.exe