Analysis

  • max time kernel
    117s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08-09-2024 01:20

General

  • Target

    b8599c3f3b018f8a5cab193fba0af150N.exe

  • Size

    995KB

  • MD5

    b8599c3f3b018f8a5cab193fba0af150

  • SHA1

    4ad1d799ffda3a787854e3eeb416b06b1034f1db

  • SHA256

    3a577c1f05a76a432c3811eb5c65ca71b3e08106f6d52d5b1357ebc2e78b0da6

  • SHA512

    19707fb9a7ad1c5511925afdd6a3f025345d56f2bb36828d189fbd7b72ed6080efe81909ec7801772f8db8de8d04950664a4b63f97c5427e8843384012bab310

  • SSDEEP

    24576:4DD/3cVwxu0I/nCkHdXMsHAVI5GJIZCupCfpSI5CVJQGC2DKIxMP:i3cK9AHgVI5GJIZCupCfpSI5CVJ/DKn

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8599c3f3b018f8a5cab193fba0af150N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8599c3f3b018f8a5cab193fba0af150N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4064
    • C:\ProgramData\ngigys.exe
      "C:\ProgramData\ngigys.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2504
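The process tree above shows the two behaviours worth turning into a detection: the sample in the user's Temp directory (PID 4064) launches an executable it dropped into C:\ProgramData (PID 2504), and that child then writes a Run key. The following is an added example, not code from the sandbox or from this report; it runs a small correlation rule over constructed Sysmon-style events (EID 1 process creation, EID 13 registry value set). The PIDs and image paths are taken from the tree above; the explorer.exe parent, the Run value name "ngigys", the SID in the registry path and the benign decoy installer are assumptions made up for the example, since the report does not name the Run key value.

```python
"""Correlate process-creation and registry events into the two behaviours the
sandbox flagged: a dropped executable launched from a writable directory, and a
Run-key persistence entry pointing back into such a directory.  Event shape
loosely follows Sysmon (EID 1 / EID 13); the records are constructed here."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Locations a freshly written executable is suspicious when launched from.
# Compared case-insensitively as substrings of the full image path.
WRITABLE_DIRS = (
    "c:\\programdata\\",
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "c:\\users\\public\\",
)
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.IGNORECASE
)


@dataclass
class Finding:
    rule: str
    pid: int
    detail: str


def _in_writable_dir(path: str) -> bool:
    p = path.lower()
    return any(d in p for d in WRITABLE_DIRS)


def detect(events: list[dict]) -> list[Finding]:
    """Return one Finding per rule hit, in event order."""
    findings: list[Finding] = []
    procs: dict[int, dict] = {}  # pid -> process-create event, for registry attribution
    for ev in events:
        if ev["EventID"] == 1:
            procs[ev["ProcessId"]] = ev
            # Rule 1: child runs from a writable dir AND its parent does too.
            # This matches the dropper->dropped chain but not the sample itself
            # (whose parent is explorer.exe), mirroring the sandbox's own flag.
            if _in_writable_dir(ev["Image"]) and _in_writable_dir(ev["ParentImage"]):
                findings.append(Finding(
                    "executes_dropped_exe", ev["ProcessId"],
                    f"{ev['ParentImage']} -> {ev['Image']}"))
        elif ev["EventID"] == 13 and RUN_KEY_RE.search(ev["TargetObject"]):
            writer = procs.get(ev["ProcessId"])
            target = ev["Details"]
            # Rule 2: Run value pointing into a writable dir, or written by a
            # process that itself runs from one.  A vendor installer writing a
            # Program Files path with its own Program Files binary does not fire.
            if _in_writable_dir(target) or (writer and _in_writable_dir(writer["Image"])):
                findings.append(Finding(
                    "run_key_persistence", ev["ProcessId"],
                    f"{ev['TargetObject']} = {target}"))
    return findings


# Constructed events mirroring the process tree in the report (PIDs 4064/2504
# and image paths are from the report; everything else is assumed).
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 1234, "Image": r"C:\Windows\explorer.exe",
     "ParentProcessId": 900, "ParentImage": r"C:\Windows\System32\userinit.exe"},
    {"EventID": 1, "ProcessId": 4064,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\b8599c3f3b018f8a5cab193fba0af150N.exe",
     "ParentProcessId": 1234, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessId": 2504, "Image": r"C:\ProgramData\ngigys.exe",
     "ParentProcessId": 4064,
     "ParentImage": r"C:\Users\Admin\AppData\Local\Temp\b8599c3f3b018f8a5cab193fba0af150N.exe"},
    {"EventID": 13, "ProcessId": 2504,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\ngigys",
     "Details": r"C:\ProgramData\ngigys.exe"},
    # Benign decoy: an installer in Program Files registering its own updater.
    {"EventID": 1, "ProcessId": 3000, "Image": r"C:\Program Files\Vendor\setup.exe",
     "ParentProcessId": 1234, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 13, "ProcessId": 3000,
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\updater.exe"},
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f.rule}] pid={f.pid} {f.detail}")
```

Both hits land on PID 2504, which is exactly where the sandbox attached "Executes dropped EXE" and "Adds Run key to start application"; the sample process itself is not flagged because its parent is a normal shell, and the decoy installer is ignored because neither its image nor the path it registers lives in a user-writable directory.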

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Documents and Settings .exe

    Filesize

    995KB

    MD5

    1082598bc474f87b30a86552362e8bf2

    SHA1

    7dd50d0a3d0a30383190d6c0221cafdb656f0b9e

    SHA256

    609750d1f6ae897d91c3da37074cb75cffab1411b447ba11ff1e5992ce557694

    SHA512

    4303d611629c8fe71bcadc5e6490a2f91966c7b25be017e59773692e4c32d8314d8ac6000c882d798bc533db08e58b8adc29a8be6027bcc92816917c8f52e779

  • C:\ProgramData\Saaaalamm\Mira.h

    Filesize

    136KB

    MD5

    cb4c442a26bb46671c638c794bf535af

    SHA1

    8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

    SHA256

    f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

    SHA512

    074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

  • C:\ProgramData\ngigys.exe

    Filesize

    858KB

    MD5

    5ff7afdcdc4db46d0918906c25c4b5be

    SHA1

    44b02c4a8ed4ceae66cc09ea7e294f34f4e71811

    SHA256

    211b4ca9bca1655b27954c4796ecd29e8943b40a04a24276b38e7074e718fcb7

    SHA512

    06df2504fef46421e5ea671b8373ff733b2c3f81de9fd2721223155562cbf7b2e396981b72da8dfa94010dbfdd458fc4aaba9d229c7b92ce605e250bbad2fe2c

  • memory/2504-100-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

  • memory/4064-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

  • memory/4064-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

  • memory/4064-9-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB
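The file hashes in the Downloads section are the report's atomic IoCs. The following is an added example, not code from the sandbox or this page, that checks files on disk against them: each file is read once and its MD5, SHA1 and SHA256 computed in a single pass, then looked up in an IoC table. The table entries are copied from the report above; the helper names (digest_bytes, digest_file, lookup_iocs, scan_tree) and the directory-walk behaviour are this example's own.

```python
"""Match files against the MD5/SHA1/SHA256 IoCs listed in the report.
Digests are computed in one pass per file so large files are read only once."""
from __future__ import annotations

import hashlib
import os

# Hash -> label, copied from the Downloads and General sections of the report.
IOC_HASHES = {
    "b8599c3f3b018f8a5cab193fba0af150": "submitted sample (MD5)",
    "3a577c1f05a76a432c3811eb5c65ca71b3e08106f6d52d5b1357ebc2e78b0da6": "submitted sample (SHA256)",
    "5ff7afdcdc4db46d0918906c25c4b5be": "C:\\ProgramData\\ngigys.exe (MD5)",
    "211b4ca9bca1655b27954c4796ecd29e8943b40a04a24276b38e7074e718fcb7": "C:\\ProgramData\\ngigys.exe (SHA256)",
    "1082598bc474f87b30a86552362e8bf2": "C:\\Documents and Settings .exe (MD5)",
    "609750d1f6ae897d91c3da37074cb75cffab1411b447ba11ff1e5992ce557694": "C:\\Documents and Settings .exe (SHA256)",
    "cb4c442a26bb46671c638c794bf535af": "C:\\ProgramData\\Saaaalamm\\Mira.h (MD5)",
    "f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25": "C:\\ProgramData\\Saaaalamm\\Mira.h (SHA256)",
}


def _new_hashers() -> dict:
    return {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}


def digest_bytes(data: bytes) -> dict[str, str]:
    """All three hex digests of an in-memory buffer."""
    hs = _new_hashers()
    for h in hs.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hs.items()}


def digest_file(path: str, chunk: int = 1 << 20) -> dict[str, str]:
    """All three hex digests of a file, streamed in 1 MiB chunks."""
    hs = _new_hashers()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hs.items()}


def lookup_iocs(digests: dict[str, str], iocs: dict[str, str] = IOC_HASHES):
    """Return (algorithm, label) for the first digest present in the IoC table, else None."""
    for algo, value in digests.items():
        label = iocs.get(value.lower())
        if label is not None:
            return algo, label
    return None


def scan_tree(root: str, iocs: dict[str, str] = IOC_HASHES) -> list[tuple[str, str, str]]:
    """Walk a directory tree and return (path, algorithm, label) for every IoC hit."""
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                match = lookup_iocs(digest_file(path), iocs)
            except OSError:
                continue  # locked or unreadable file: skip it rather than abort the scan
            if match:
                hits.append((path, *match))
    return hits


if __name__ == "__main__":
    import sys

    for hit in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Exact-hash IoCs are brittle: the report's own Downloads section shows a copy written to C:\Documents and Settings .exe with the same 995KB size as the submitted sample but different MD5/SHA1/SHA256, so a file-hash scan would miss that copy if only the sample's hashes were loaded. Load every hash the sandbox produced, and pair hash matching with the path and behaviour indicators (the C:\ProgramData\ngigys.exe drop path and the Run-key write) rather than relying on hashes alone.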