Overview

overview

5

Static

static

5

0ef44cfb0a...ff.exe

windows7-x64

5

0ef44cfb0a...ff.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    92s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-09-2024 12:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0ef44cfb0a5a106c0f0520f32e01b0a06dfe54d93848fc5a7a92075f44eebdff.exe

  • Size

    1.2MB

  • MD5

    606af0a311fcb097fdce0ea71567c488

  • SHA1

    88078d9cd7a950d10a03fa689ed7279a001462a4

  • SHA256

    0ef44cfb0a5a106c0f0520f32e01b0a06dfe54d93848fc5a7a92075f44eebdff

  • SHA512

    a8b9933ca148e9902099b5a0294463634b16984763e77faddda9640cd0894918c7eefa4c4b97d74db4556c1bd5c0e6bf25c296f5bee84ea7b2b9ef19546e9352

  • SSDEEP

    24576:FqDEvCTbMWu7rQYlBQcBiT6rprG8arYdhB6yFHxmQTOIUh:FTvC/MTQYxsWR7arKfRxmQTn

Score
5/10
discovery

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ef44cfb0a5a106c0f0520f32e01b0a06dfe54d93848fc5a7a92075f44eebdff.exe
    "C:\Users\Admin\AppData\Local\Temp\0ef44cfb0a5a106c0f0520f32e01b0a06dfe54d93848fc5a7a92075f44eebdff.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Users\Admin\AppData\Local\Temp\0ef44cfb0a5a106c0f0520f32e01b0a06dfe54d93848fc5a7a92075f44eebdff.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:956

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\aut88A8.tmp
    Filesize

    279KB

    MD5

    238378b47412f95f90707399cd971022

    SHA1

    2a61f0387e69e14b91e2e1fcd12090236d806da8

    SHA256

    2cd2c3a0289213dd4f4552a9289247543dd8f030eaac756cc8a1e831a6f17a7e

    SHA512

    b8de5059aa2b89d8da9746464041535e01ac9b1a27e28023b9b56690a4ab82ab6623837f4def835a0bf2906cd1acb4a6cdc7eefd01ba222f591506a7a30e4e5e

    Download Submit

  • memory/956-14-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/956-15-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/956-16-0x0000000001A00000-0x0000000001D4A000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/956-17-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2332-13-0x0000000003880000-0x0000000003884000-memory.dmp

    Filesize

    16KB

    Download