Overview

overview

3

Static

static

3

d3a4ae02b1...a8.exe

windows7-x64

3

d3a4ae02b1...a8.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    01/09/2024, 01:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d3a4ae02b133a7b59a81ca27d1e088123cd46fa0f9b252db8d5611422e972ea8.exe

  • Size

    12.5MB

  • MD5

    61839ccb093b215887107036856ee23f

  • SHA1

    47ef17c6bf08042e3b250e811ba1f16b8ba9f904

  • SHA256

    d3a4ae02b133a7b59a81ca27d1e088123cd46fa0f9b252db8d5611422e972ea8

  • SHA512

    99afb47223116895c1d535a8f2f2e962942b92951fd7d7a68e1461eace4c339440df4eaf64ad40380d0f1c47c16ff983f59b80f50add35f169fa96ebfc8d036b

  • SSDEEP

    393216:0hafTkmZC54/5945BIgUMORPIevYWxBsCEt5IDJ:dTkAC5C5945BIgUMORPIevYWxBK5IDJ

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Control Panel 9 IoCs
    evasion
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d3a4ae02b133a7b59a81ca27d1e088123cd46fa0f9b252db8d5611422e972ea8.exe
    "C:\Users\Admin\AppData\Local\Temp\d3a4ae02b133a7b59a81ca27d1e088123cd46fa0f9b252db8d5611422e972ea8.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies Control Panel
    • Suspicious use of SetWindowsHookEx
    PID:3032

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\candyglass_2.ini
    Filesize

    25KB

    MD5

    c6643a734b6cbbd3f3c4f96014e69a18

    SHA1

    0f972b9a09a80fe6490bce7771f0c1157f6de4ff

    SHA256

    7204803734ec25f362eefb8bb3cacdf1c040f1c4e8501546af5bb23ae79c7a54

    SHA512

    a35accf402fffd011e0475b83f9fb134570c793990a9e2aa3734757e8b4de2bada4b19aa81f74f7e7be9868d6dca8e3ab4f33c72fbe24c06a7d80ec67e768521

    Download Submit

  • memory/3032-1-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3032-0-0x0000000000400000-0x000000000108D000-memory.dmp

    Filesize

    12.6MB

    Download

  • memory/3032-503-0x0000000000400000-0x000000000108D000-memory.dmp

    Filesize

    12.6MB

    Download