Overview

overview

7

Static

static

3

56c85d262f...0N.exe

windows7-x64

7

56c85d262f...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    84s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05-09-2024 12:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    56c85d262f202a73935e00423a524600N.exe

  • Size

    208KB

  • MD5

    56c85d262f202a73935e00423a524600

  • SHA1

    2d29902cade3aedb92f60118217bde5d828f0234

  • SHA256

    503f1b432f933c9c7a78687d3bb7a2e535b55b496785e3b0a92aff9326f9f176

  • SHA512

    fd8d52d33030afaab17a5158df5939142535f152b1af77d7b224f83f41199ee3703fe02f0efb716e5651aa71ca9b8d5265772d5d6bcea1fe9614355bb1812454

  • SSDEEP

    6144:TMAsW/uBFMhofrmKv6J3iMsd/xZ9qFD6ZyOY90dQEj:YbZg3ALkObQ

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\56c85d262f202a73935e00423a524600N.exe
    "C:\Users\Admin\AppData\Local\Temp\56c85d262f202a73935e00423a524600N.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3004
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\windows\NUJN.exe.bat" "
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2432
      • C:\windows\NUJN.exe
        C:\windows\NUJN.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:2268

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\NUJN.exe
    Filesize

    208KB

    MD5

    b4ad998cb521806a4a010e01b43b4183

    SHA1

    3cdd71c43d229a1a52fb1c42c39153da918e7160

    SHA256

    3f478fdf3fcd0b76bd2fbbfeceb4b7c4d93cd95fb750c7793647f93b78bde7a3

    SHA512

    011132807aea558fbc18bb52da3c60a0b8d01b098616659ea3f65d55f681aa2f3d31e06c140fa1686c19091988d95dc1bdd5fcb377a88e08802d2062caf7534c

    Download Submit

  • C:\Windows\NUJN.exe.bat
    Filesize

    54B

    MD5

    adc24c3e8adf6eb0c8145ed3d432e738

    SHA1

    388a2d460c8e516975c02c911355777193184d66

    SHA256

    03a89626423bc3191ba8ea0919e7f4f5258964207935419f0463408012faeb9e

    SHA512

    ff731f2fcbf3438af476c7c3925f66fbd3e4712c805ca9e1f79a478b8bb26386c7ac5cae7cf4e883975c801dbdbdd5ad3ab80079a03d5ef9eeb34de6c6564333

    Download Submit

  • memory/2268-16-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2268-17-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/3004-0-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/3004-12-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download