Analysis

  • max time kernel: 101s
  • max time network: 120s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 08/09/2024, 15:19

General

  • Target: eb5328493f35d7ca2b11eecaaaac0ef0N.exe
  • Size: 481KB
  • MD5: eb5328493f35d7ca2b11eecaaaac0ef0
  • SHA1: cdbee87ab85ef833ee1851f9eeac257b06b43c4e
  • SHA256: d5ce4b3ec815bc4a6f6e99c02200bfc50f100697003209a3d01f28dc8fe278c4
  • SHA512: 0b19db89b470208268bd680d639cbd72616fde283e26d59aa87f00ad1f0c9d1c3fcc5f16539442a6a529dfc0dc9362ca869c54e42a611579b8d09bdf5dbc3a38
  • SSDEEP: 6144:a2VHOZ1nkHRfDDogCad39teYHQLhR1o/AWeTBK:pOZmHRfDDogCQHQL1cdeTY

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Drops file in Windows directory (6 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\eb5328493f35d7ca2b11eecaaaac0ef0N.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\eb5328493f35d7ca2b11eecaaaac0ef0N.exe"
    PID: 3412
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    • C:\Windows\rXsAWKYF\svchost.exe (child process)
      Command line: "C:\Windows\rXsAWKYF\svchost.exe"
      PID: 4816
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses

Network

Downloads

  • C:\Windows\CLOG.txt
    Filesize: 166B
    MD5: f10139025b780f2e0c1ac1e4b0b1784e
    SHA1: 2872345c36cd9650520967dd3f436b60a72cf52a
    SHA256: b03de6dc0c3aa6e35f917bac4581f2cdbcd0ffe5e3c7da9ccef1670760958aa5
    SHA512: 1ec022b001e3043f4aafc1141c45b87ec5d16bd9f0751cc023f0781a2ca2bf44517881946c9926fca25194e9458153058f5a896ef088dd686e61d32c19486ecf

  • C:\Windows\rXsAWKYF\svchost.exe
    Filesize: 483KB
    MD5: 6804341fa7eafe38430a03df3dd013e4
    SHA1: bbf4a7883d9b138ac2d36a9be188883e4154a9c1
    SHA256: ed38efd159307beeac66501db970c7fb0b79dec0f3205afb883db14590aeae5c
    SHA512: 47078de2b4eff85190b4aeb76f022bb426afd1f43e990bcc90cf040e6023a824d38b15e9500bf0e620b431ec19e12e1c55c1cfe58db520ae7f11f9c278986879

  • memory/3412-0-0x0000000000400000-0x000000000045D000-memory.dmp
    Filesize: 372KB

  • memory/3412-10-0x0000000000400000-0x000000000045D000-memory.dmp
    Filesize: 372KB

  • memory/4816-8-0x0000000000400000-0x000000000045D000-memory.dmp
    Filesize: 372KB

  • memory/4816-13-0x0000000000400000-0x000000000045D000-memory.dmp
    Filesize: 372KB