b651797aedfe83bc134194e3ccd087d1f03b37bb6a959578b6f58f8888dde301

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-09-2024 12:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b651797aedfe83bc134194e3ccd087d1f03b37bb6a959578b6f58f8888dde301.exe
Size

557KB
MD5

5e0fb2470ae067c890f136f4f07f9a6e
SHA1

9a6e0f75281e9224bc14f5bd30705239975011d1
SHA256

b651797aedfe83bc134194e3ccd087d1f03b37bb6a959578b6f58f8888dde301
SHA512

3c096325ad5ec5af4d4f4dd0d1d7f27e7bab254344016617884368dc8bd022fa71466b09a3774d792769e74437e026ec6380ea93081c1ab30340cdd0f3ade6b1
SSDEEP

12288:DJ2y7DUJlR5rWiKTH72nAGtdRVPWP/5jTRiXU/5/Xv8kf0YQYrXDxwtqaAwcOpH:t2UDAlnaiKTSnlHWP/5jNXX

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2024	b651797aedfe83bc134194e3ccd087d1f03b37bb6a959578b6f58f8888dde301.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b651797aedfe83bc134194e3ccd087d1f03b37bb6a959578b6f58f8888dde301.exe

C:\Users\Admin\AppData\Local\Temp\b651797aedfe83bc134194e3ccd087d1f03b37bb6a959578b6f58f8888dde301.exe
"C:\Users\Admin\AppData\Local\Temp\b651797aedfe83bc134194e3ccd087d1f03b37bb6a959578b6f58f8888dde301.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Roaming\msvcp110.dll

Filesize
580KB

MD5
4e29177f27dd60c8e4b1e7953f12c673

SHA1
78ae98020324481b94c6a0cc68a4e101f6408022

SHA256
c09f037804b68ba63a5634f5383bbcc3a5bfaa6115adcf88a4e361af897d9d88

SHA512
b5f0ada825c62f72999711f6813579cfda75ab04536fd4fefcef5aa4b49958ebb75f5f2298184cb6258818f92c6573724e10ffe4d0dfec2b0067c9d115ca3fff

Download Submit
memory/2024-0-0x000000007429E000-0x000000007429F000-memory.dmp

Filesize
4KB

Download
memory/2024-1-0x0000000000D00000-0x0000000000D92000-memory.dmp

Filesize
584KB

Download
memory/2024-6-0x0000000076770000-0x0000000076831000-memory.dmp

Filesize
772KB

Download
memory/2024-7-0x0000000074290000-0x000000007497E000-memory.dmp

Filesize
6.9MB

Download