Overview

overview

7

Static

static

3

912ad03e04...0N.exe

windows7-x64

7

912ad03e04...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    102s
  • max time network
    109s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-09-2024 15:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    912ad03e048e2a658d18b61e2f3e1da0N.exe

  • Size

    517KB

  • MD5

    912ad03e048e2a658d18b61e2f3e1da0

  • SHA1

    97f2b663acd5555aa795b6cdbc19ecda5652298a

  • SHA256

    1724fa5f21ec03ba2a2595979dba9099b9fcb1329ec19020faa7ffd082b4a490

  • SHA512

    9596b7ba981f0d1c18fe58d962d233685c7a1ce354eee57c623c0e963e3e6471351bba17bf9b62c11e18234c3d7b04bd6eb0a54b8852243c291ce9df22708938

  • SSDEEP

    12288:bWBm+95nHfF2mgewFX5R0CH5iFZWCjA5pW2JmrbNLRUVi:bWBz95ndbgfX5aiIPWgA5DorbNLRUVi

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\912ad03e048e2a658d18b61e2f3e1da0N.exe
    "C:\Users\Admin\AppData\Local\Temp\912ad03e048e2a658d18b61e2f3e1da0N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\Users\Admin\AppData\Local\Temp\CC78.tmp
      "C:\Users\Admin\AppData\Local\Temp\CC78.tmp" --pingC:\Users\Admin\AppData\Local\Temp\912ad03e048e2a658d18b61e2f3e1da0N.exe 7D87426F8C6A3005EEC64E15E6967C6866549CCE5C4F3E07D11415F7D826058A0C60161563952BEE7CC29707C630F36DDAB2AE1CEC55FE8119AF4AA6EABEFD73
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      • Modifies registry class
      • Suspicious behavior: RenamesItself
      • Suspicious use of WriteProcessMemory
      PID:3248
      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\912ad03e048e2a658d18b61e2f3e1da0N.doc" /o ""
        3⤵
        • Checks processor information in registry
        • Enumerates system info in registry
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:4484

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\912ad03e048e2a658d18b61e2f3e1da0N.doc
    Filesize

    35KB

    MD5

    59975947e6db92e743655ebdf2e3c495

    SHA1

    5e967d85a4df28f9fed485156919a14fb411d18d

    SHA256

    83c9df8884ffd5b51bdbdb9314d587477ecf50c3144c6c230ded3a3041f24e05

    SHA512

    1cdc533bcc9bf50c69dd3a516c4fff8f24cf2ba9ecf1df885c12d4f459727b63c2d7f1a388ac0a4ac2fe59fe1bd5f5cb623001c736df33490fb245e06d7af692

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CC78.tmp
    Filesize

    517KB

    MD5

    ce3540ba39df06a716a0af19f33f6f4e

    SHA1

    9a1e49833a644054b16b20a18ca80101efa7c506

    SHA256

    73bbe25f0824ecd06f6dd31d8933f486b354cc57cac97ccc3b5a0a4794637d0c

    SHA512

    d5cc0a1c2067f0c2a4fbcc3c51be12db0fefdf5c3dde35f06b60770e4023a598fe3d86a911bc43641e4a9810051d83918d68ab4caaae84d18d9b633ee4119db2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
    Filesize

    2B

    MD5

    f3b25701fe362ec84616a93a45ce9998

    SHA1

    d62636d8caec13f04e28442a0a6fa1afeb024bbb

    SHA256

    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

    SHA512

    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

    Download Submit

  • memory/1700-0-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/1700-6-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3248-5-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3248-16-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/4484-34-0x00007FFF68DF0000-0x00007FFF68FE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4484-25-0x00007FFF68DF0000-0x00007FFF68FE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4484-20-0x00007FFF28E70000-0x00007FFF28E80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4484-21-0x00007FFF28E70000-0x00007FFF28E80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4484-26-0x00007FFF68DF0000-0x00007FFF68FE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4484-29-0x00007FFF68DF0000-0x00007FFF68FE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4484-30-0x00007FFF68DF0000-0x00007FFF68FE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4484-31-0x00007FFF68DF0000-0x00007FFF68FE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4484-33-0x00007FFF68DF0000-0x00007FFF68FE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4484-32-0x00007FFF269D0000-0x00007FFF269E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4484-28-0x00007FFF68DF0000-0x00007FFF68FE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4484-18-0x00007FFF28E70000-0x00007FFF28E80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4484-35-0x00007FFF68DF0000-0x00007FFF68FE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4484-36-0x00007FFF269D0000-0x00007FFF269E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4484-27-0x00007FFF68DF0000-0x00007FFF68FE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4484-19-0x00007FFF28E70000-0x00007FFF28E80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4484-24-0x00007FFF68DF0000-0x00007FFF68FE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4484-23-0x00007FFF68DF0000-0x00007FFF68FE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4484-22-0x00007FFF28E70000-0x00007FFF28E80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4484-17-0x00007FFF68E8D000-0x00007FFF68E8E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4484-55-0x00007FFF68E8D000-0x00007FFF68E8E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4484-56-0x00007FFF68DF0000-0x00007FFF68FE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4484-60-0x00007FFF68DF0000-0x00007FFF68FE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4484-67-0x00007FFF68DF0000-0x00007FFF68FE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4484-66-0x00007FFF68DF0000-0x00007FFF68FE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4484-95-0x00007FFF28E70000-0x00007FFF28E80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4484-97-0x00007FFF28E70000-0x00007FFF28E80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4484-98-0x00007FFF28E70000-0x00007FFF28E80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4484-96-0x00007FFF28E70000-0x00007FFF28E80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4484-99-0x00007FFF68DF0000-0x00007FFF68FE5000-memory.dmp

    Filesize

    2.0MB

    Download