89a96b801908c5740644378454ca5d6cff694109967a3c3823e43b00987a8f7e

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/09/2024, 23:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c4cde42b704d740eaa217beabf9b2e70N.exe
Size

428KB
MD5

c4cde42b704d740eaa217beabf9b2e70
SHA1

4d8c736e437189111b81d7194ae47f56925a0fa5
SHA256

89a96b801908c5740644378454ca5d6cff694109967a3c3823e43b00987a8f7e
SHA512

99d9c434bb2921251bbf238b976217996f15e19d98f88da4b35bee629a538458e216616b4d89df4ab88cca39713cbd232a64ed6720cf40f60a556c1b4f457fb2
SSDEEP

6144:gVdvczEb7GUOpYWhNVynE/mFDKKR79oLuhzxl8RBPBxFcbPRGXT0CO5rqHR:gZLolhNVyEOnWGFlwRubPRiT25rqHR

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1948	92CD.tmp

Executes dropped EXE 1 IoCs

pid	Process
1948	92CD.tmp

Loads dropped DLL 1 IoCs

pid	Process
2372	c4cde42b704d740eaa217beabf9b2e70N.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c4cde42b704d740eaa217beabf9b2e70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	92CD.tmp

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1948	92CD.tmp

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 1948	2372	c4cde42b704d740eaa217beabf9b2e70N.exe	31
PID 2372 wrote to memory of 1948	2372	c4cde42b704d740eaa217beabf9b2e70N.exe	31
PID 2372 wrote to memory of 1948	2372	c4cde42b704d740eaa217beabf9b2e70N.exe	31
PID 2372 wrote to memory of 1948	2372	c4cde42b704d740eaa217beabf9b2e70N.exe	31

C:\Users\Admin\AppData\Local\Temp\c4cde42b704d740eaa217beabf9b2e70N.exe
"C:\Users\Admin\AppData\Local\Temp\c4cde42b704d740eaa217beabf9b2e70N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Users\Admin\AppData\Local\Temp\92CD.tmp
  "C:\Users\Admin\AppData\Local\Temp\92CD.tmp" --pingC:\Users\Admin\AppData\Local\Temp\c4cde42b704d740eaa217beabf9b2e70N.exe 8492400E37FE02B0B7CDEFFADDE6720BB47B70BB9ED8C32EB2FD78E2027B26339ECF8AFD0681C4C5919A20A20467966C63A1B2C41BBA975F344E39810615C7F2
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\92CD.tmp

Filesize
428KB

MD5
aa62f2976911cc31eb8eccee39b44d25

SHA1
35b688f63a64833871e57291f9297d0fc009cf21

SHA256
54901de8cfb1ba270e1ba29df4c9b12a0618d32950b47dc81d7b2b1c1307fcdf

SHA512
9aa6f71d74df99e7a2da2b94906a63f1b43fd0890a35afe3f797c1a58f000f9571e8cfc2e6b988952f663bd74309ff6946531c860fc25ffe39b4147d16adf90f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads