ca7fe859dc89cae5bd225ab7f2f94baf696fc17cac54efcb31879e0f06248d8b

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02-09-2024 12:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d72041e5c88e3a292d642e22ad1fe8f0N.exe
Size

114KB
MD5

d72041e5c88e3a292d642e22ad1fe8f0
SHA1

08e6314a184aaee99bd34fbacb7f6c0c49d91f33
SHA256

ca7fe859dc89cae5bd225ab7f2f94baf696fc17cac54efcb31879e0f06248d8b
SHA512

bc34e4f2f9d3795a4dcef2a971ae74d9a221cce55c761aa8f87eba034d32df3fc93c96041d0863bf2640b78aced672ec11d3d4b37b0ea83d3e82acd0059a78c5
SSDEEP

384:OPP1svHMbR4PRdixlu09HNqmbYpjZHgzix0MFbJWC5sP6iM:OPP1dbfbUgziPbh5sPK

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2248	senis.exe

Loads dropped DLL 2 IoCs

pid	Process
2616	d72041e5c88e3a292d642e22ad1fe8f0N.exe
2616	d72041e5c88e3a292d642e22ad1fe8f0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d72041e5c88e3a292d642e22ad1fe8f0N.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2616	d72041e5c88e3a292d642e22ad1fe8f0N.exe
2248	senis.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 2248	2616	d72041e5c88e3a292d642e22ad1fe8f0N.exe	29
PID 2616 wrote to memory of 2248	2616	d72041e5c88e3a292d642e22ad1fe8f0N.exe	29
PID 2616 wrote to memory of 2248	2616	d72041e5c88e3a292d642e22ad1fe8f0N.exe	29
PID 2616 wrote to memory of 2248	2616	d72041e5c88e3a292d642e22ad1fe8f0N.exe	29

C:\Users\Admin\AppData\Local\Temp\d72041e5c88e3a292d642e22ad1fe8f0N.exe
"C:\Users\Admin\AppData\Local\Temp\d72041e5c88e3a292d642e22ad1fe8f0N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Users\Admin\AppData\Local\Temp\senis.exe
  "C:\Users\Admin\AppData\Local\Temp\senis.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\senis.exe

Filesize
115KB

MD5
a86ec32ff88ae80c7f64b3e46e601ef2

SHA1
54ba7a460f55eee2910effaa636571e84922082b

SHA256
bb467c67616e77de4c290b6241943a8cbf0157c110502ed856e7152b151c497e

SHA512
12b84310ed3ef3d8f19292b3846b1ba75d8fcf25ef8c1efb7fe0bce8b2e8eb2b26db75c55141c8be2745c24f7bf0a3acd1c227c03ebc509b2f1bca8a99c6d634

Download Submit
memory/2248-19-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2248-27-0x0000000000420000-0x000000000043C000-memory.dmp

Filesize
112KB

Download
memory/2616-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2616-2-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2616-1-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2616-8-0x0000000000420000-0x000000000043C000-memory.dmp

Filesize
112KB

Download
memory/2616-13-0x0000000002090000-0x00000000020AC000-memory.dmp

Filesize
112KB

Download