Overview

overview

7

Static

static

3

550cf20697...0N.exe

windows7-x64

7

550cf20697...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-09-2024 12:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    550cf206978c8dc1e12b4d2a17b61530N.exe

  • Size

    395KB

  • MD5

    550cf206978c8dc1e12b4d2a17b61530

  • SHA1

    2f25b8ab56a244cc81731f9fd078103841492bc7

  • SHA256

    61d9c0dc0a13aced9c78151daee797a05d5c6a88fa4a285bf0d6d8c11e602d2f

  • SHA512

    8a9d8322264acf983b1af8450b928e1136d4b37d24dc79d721c0249c31dd178985f89f7ef931de5cdd9233998ca2aee90ff800fb36ec383a8f71a5d66ec3f1d4

  • SSDEEP

    6144:4jlYKRF/LReWAsUyEIsYUEH7Ei+1g7eXHIuis9nXLzydK0S0Yqzrx:4jauDReWyg+1G+AslXLzLg

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\550cf206978c8dc1e12b4d2a17b61530N.exe
    "C:\Users\Admin\AppData\Local\Temp\550cf206978c8dc1e12b4d2a17b61530N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:800
    • C:\ProgramData\vnqdtl.exe
      "C:\ProgramData\vnqdtl.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:3712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Documents and Settings .exe
    Filesize

    395KB

    MD5

    6b40b95ac1e1af39d2c588ef082cdaf0

    SHA1

    0f68b562ed4774081f1685f12225157db07b044c

    SHA256

    ff769321320ba51cd14a2c3c8f3ea9da46b6e32f5ab33aaaab3c30bc3d42ce19

    SHA512

    a718be120b948e6fa4df717311650ae4378c43935da8d4251d845ee6cce2cfd781a83a5de1a8e36dd356e80e1efb2c7b28c10b35632430c0a8b9dc43c0a98ac5

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    cb4c442a26bb46671c638c794bf535af

    SHA1

    8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

    SHA256

    f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

    SHA512

    074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

    Download Submit

  • C:\ProgramData\vnqdtl.exe
    Filesize

    258KB

    MD5

    ce29858367204be08c220b00aeab5fa2

    SHA1

    2fb8de7e3060c497ccabb8823a18663c5367732b

    SHA256

    5fd08e00abec439859a04a0c93f4354e28fd06b152a86e14711b3715eed0bb08

    SHA512

    1aa11e997179b0e624383290ecc558177714bb5caf41db4c363138df72f591ccbfed71cf69690da3ea6be2c200d88ff53e44b945fdf5e52bb0cf5aa6e1b9d8f4

    Download Submit

  • memory/800-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/800-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/800-9-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/3712-130-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download