Analysis
-
max time kernel
93s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
05-09-2024 12:09
General
-
Target
f3800a7223fa24b1df3efff490172e0b73afc2359303e2476247e070e4eb0911.exe
-
Size
1.3MB
-
MD5
e1bfe10f37183ae1803496a4e5d3b8e1
-
SHA1
230b7232263789b3e43604770d923e2a66d3eb50
-
SHA256
f3800a7223fa24b1df3efff490172e0b73afc2359303e2476247e070e4eb0911
-
SHA512
cd2f27e76adfa7453fc048ae6bec4be426dce770f50fef1863c017fd24de774b4b4b3744bc645e3bcbf41fdf383d9ba1649fb54a0d25f9ff9b9b9acc687632b9
-
SSDEEP
24576:5qDEvCTbMWu7rQYlBQcBiT6rprG8ar7O55/JxphR4J4p91z:5TvC/MTQYxsWR7aPY5qJ4j
Malware Config
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f3800a7223fa24b1df3efff490172e0b73afc2359303e2476247e070e4eb0911.exe"C:\Users\Admin\AppData\Local\Temp\f3800a7223fa24b1df3efff490172e0b73afc2359303e2476247e070e4eb0911.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svchost.exe"C:\Users\Admin\AppData\Local\Temp\f3800a7223fa24b1df3efff490172e0b73afc2359303e2476247e070e4eb0911.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 7362⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1856 -ip 18561⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
266KB
MD52476542408ac90f148e99ed8f691dec3
SHA1a1a4324b846d65eb4b96b64c0950f40b47ca6db4
SHA256ca234e98b06332b96ef115de4d5d5a419347248aa8b45c233e1ecee73f3ee7b5
SHA51208b1a6833e6850edf0ab849f557adfb220244d0b04431e41eef3f1a25a585f9ed1dc4b7cb5bcabe98aa44745074268926d742021977b7d0414f2973c7264629e
-
Filesize
268KB
-
Filesize
2.0MB
-
Filesize
2.0MB