Analysis

  • max time kernel
    137s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-09-2024 07:46

General

  • Target

    159b90dddcf3e0e852c043e1d1e959d359f45c8413a00c6431450702e07d444c.exe

  • Size

    6.1MB

  • MD5

    290309683edda0fd4ad586d2cf1b0e48

  • SHA1

    4e686ccb2191bec5641a3621370289b870836af9

  • SHA256

    159b90dddcf3e0e852c043e1d1e959d359f45c8413a00c6431450702e07d444c

  • SHA512

    5a52fdada62debce366f099e75c87eb7ae0e2a7074d01ea00ee1d55858005591de92ca5a3cf978765749a8f9bc99aaf753cb4109b8ff0ea88f423fd363b5638d

  • SSDEEP

    98304:+t+ww48YTRGrjsYrXa1PSELk/GEAUfZ82ub8GRprbGJ1y1xWcdGWLpDi5PdjDJiN:+xaELkaUfdOMeXdVlG5Fp+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\159b90dddcf3e0e852c043e1d1e959d359f45c8413a00c6431450702e07d444c.exe
    "C:\Users\Admin\AppData\Local\Temp\159b90dddcf3e0e852c043e1d1e959d359f45c8413a00c6431450702e07d444c.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:5728
    • C:\Users\Admin\AppData\Local\Temp\159b90LQvtoQ.exe
      "159b90LQvtoQ.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1840
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4768,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=948 /prefetch:8
    1⤵
    PID:3120

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\159b90LQvtoQ.exe

      Filesize

      6.1MB

      MD5

      3202735304c30eaaae74065560f2adbf

      SHA1

      f1a2012a2282ff3824261652b1633cc1a3fd811e

      SHA256

      6da967e94ec186a1b6c6acdfbb08c432af6a2f6779ba61c92ec25b8ce7cb9b7c

      SHA512

      b2e1a5c5d37c0382956e6815efdcd8a97a9c836b45c5f8fef455f963258ec193327f58595c2c5e887d444066b4e75734002af3c489028b060abcbffeab4dc9d2

    • C:\Users\Admin\AppData\Local\Temp\cfg.ini

      Filesize

      18B

      MD5

      0b8f565b4c51ed42911387644156f501

      SHA1

      25d4a59857464796396869432f2fc3e696ab8f4a

      SHA256

      3632b1152801fa0b7bf522ddf6ece89c193881ebbfe76e8cb8666508bfb99f49

      SHA512

      17c82abe9e7410ed7111cf12930c01bd86af096f1292c6e9fb10930ce94e582702725dc14768b4975b94fe12106642c64c6300c8400b146538e2c71dce826011

    • memory/5728-4-0x0000000000D40000-0x00000000012CF000-memory.dmp

      Filesize

      5.6MB