Overview

overview

7

Static

static

3

3cfdb99370...0N.exe

windows7-x64

7

3cfdb99370...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-09-2024 10:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3cfdb9937049f4da1c62e9ece7539840N.exe

  • Size

    1.7MB

  • MD5

    3cfdb9937049f4da1c62e9ece7539840

  • SHA1

    c31bd50debf42bbf6de495809ba3884433fea468

  • SHA256

    76fc4e71f3ad7a8b5bce65c15ec0a6cfa21ee7a23ad8d73a2a9505b638b6dc22

  • SHA512

    4b7ef6bb421871176d7e25e38df515ffe19f629d67dc7e8768d374ba7420ce05355facd29b1e46ca9a45076ca1ddc5c8866d162d97c4b0b58d625ffd9aa20183

  • SSDEEP

    24576:i+SFQyRru2P6TW+/OMiFhTCRQwG6F5/xsSSBl76xPbdHURIcNTKarBI:8ZubTWLb33s/xkl76FZUKaKarB

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3cfdb9937049f4da1c62e9ece7539840N.exe
    "C:\Users\Admin\AppData\Local\Temp\3cfdb9937049f4da1c62e9ece7539840N.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Windows\SysWOW64\WvCebBJ\3cfdb993049f4da1c62e9ece7539840N.exe
      "C:\Windows\SysWOW64\WvCebBJ\3cfdb993049f4da1c62e9ece7539840N.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:4832

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\WvCebBJ\3cfdb993049f4da1c62e9ece7539840N.exe
    Filesize

    1.7MB

    MD5

    70426af1f7dc4f431cdccfacb5a4101a

    SHA1

    119b73a331509ba1c90d8576cafcf490f792ada2

    SHA256

    f2293f7ba52e3b457e24ea4dec7c7f1d814f64533c16318dce79ebc125ae802d

    SHA512

    f0fe4709b24f1c27f52c466c9cf1dd7231cfb1a77808611d7c2845c1051ae0b8670f5815718dff341a6dd059951b66f2a0f5d933c6abab78fce64c88b94e8958

    Download Submit

  • memory/2672-0-0x0000000000400000-0x0000000000536000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2672-8-0x0000000000400000-0x0000000000536000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4832-7-0x0000000000400000-0x0000000000536000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4832-12-0x0000000000400000-0x0000000000536000-memory.dmp

    Filesize

    1.2MB

    Download