3329bea49af8023dd3f384098bed55681692c96dc53e52e46884b105c33eebe0

Analysis

max time kernel
92s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3329bea49af8023dd3f384098bed55681692c96dc53e52e46884b105c33eebe0.exe
Size

5.5MB
MD5

a98cb87105b5821fb909395b312e8909
SHA1

f6e3ca49be0db3fadda3fc2d2347822eab7d7b6b
SHA256

3329bea49af8023dd3f384098bed55681692c96dc53e52e46884b105c33eebe0
SHA512

4e3f725850c6b4b23844f27f5d085415a778a07c7d40ff59b23f0532657ab656072c3bea2e3a004fb6c5e7fd7f38d0ec5bf187e929409ca762755cf25517847f
SSDEEP

49152:9rFWhb9twytzumQErFuYXbawmJEsT1BK0FDceWHtA7tUfPF:/WhbTVuEFuYXmD3K0dkN79

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
1892	3329bea49af8023dd3f384098bed55681692c96dc53e52e46884b105c33eebe0.exe
1892	3329bea49af8023dd3f384098bed55681692c96dc53e52e46884b105c33eebe0.exe
1892	3329bea49af8023dd3f384098bed55681692c96dc53e52e46884b105c33eebe0.exe
1892	3329bea49af8023dd3f384098bed55681692c96dc53e52e46884b105c33eebe0.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3329bea49af8023dd3f384098bed55681692c96dc53e52e46884b105c33eebe0.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1892	3329bea49af8023dd3f384098bed55681692c96dc53e52e46884b105c33eebe0.exe
1892	3329bea49af8023dd3f384098bed55681692c96dc53e52e46884b105c33eebe0.exe

C:\Users\Admin\AppData\Local\Temp\3329bea49af8023dd3f384098bed55681692c96dc53e52e46884b105c33eebe0.exe
"C:\Users\Admin\AppData\Local\Temp\3329bea49af8023dd3f384098bed55681692c96dc53e52e46884b105c33eebe0.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1726025612\BaseBoardApp.dll

Filesize
63KB

MD5
f38e79f8164067281fcda78aaec0c9da

SHA1
3523e2833ae8c2e4cbbbf9b4a20ee7ccd5c42af8

SHA256
708c96409a0810d01e86767a15b0ed0dfaacce04226d4126b93125f04c2dc2a6

SHA512
9b3ff5567104c10176b2599c7ed835440e822e13da418858a24529d26ac76d5eddafc520fb49bcfabca249e0b20c220fe188d1b790333d08938c173e16622ed4

Download Submit
C:\Users\Admin\AppData\Local\Temp\1726025612\EIPBoardApp.dll

Filesize
30KB

MD5
08af3a6029bcf9e9548da97f17d61664

SHA1
717d14ce1c3b6d8aaea49edf05eb2eb807634a04

SHA256
819fa6e1781ae2fbc9a7a06d9fbadebd7a8e8a2b215bc3edb4392d305df0f737

SHA512
d3d277c5259bfc0eac3ef16a11ac60bc3213b41f75ba6f3ca92be4a90da50dc8a62b4b6a04e0d21845eceddcbebabcf1473acf8f150e5362c382fc224bf7d6d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\1726025612\ISMBoard_Dll.dll

Filesize
329KB

MD5
756f35e6afea72e88ef57a410f53536d

SHA1
d7e32e49377d838bf278d1f1f494eede77cf6424

SHA256
d81b9ceca12de699791544713cef66a20213fa1d4825410b7e5330805881a88d

SHA512
6aa04cae76b575942c6f2d36902733a194f25c9586afcfa015fa69afc7f3cf343bb40339a60776eb9aa383d30dc61674273d3f3af311c43217fe35f27463d3a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\1726025612\RelayBoardApp.dll

Filesize
33KB

MD5
533ec22e8d042d333df144344cdf81e2

SHA1
4d8470bffac05524370e764beb3d6df086878392

SHA256
c4ddf4eef45f4effd49db1051b7cdce09c9836cde92bc27143e3f609b98b0439

SHA512
2ee89f6bf1304170f295051cd0914b593b6275491eb2dfbd24c2aae1e5280bca4c43b61528a67074d37ae6ac8b9f32ac6b5a10e77f9c4faf4f18ebc42bcf15aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\BASE_EEPROM_Simulator.bin

Filesize
2KB

MD5
33c8cc2547cde2d63223ccd1dcbcdaef

SHA1
2fc9e4f5795f8b2bb6430c7a0d0e2d9aa909494a

SHA256
c2845f1037363dadc884c2e834556826fe31eb38267d0f70b410a9c80c4fa93d

SHA512
79b1f631c718b4f5792c9518d167452cb0f15c42c3650d9e314b199876ee88660e3002d1efb4ec6a5b1b76b91295495564b92d1cc265445d08d2874108bb553d

Download Submit
C:\Users\Admin\AppData\Local\Temp\C700_EEPROM_Simulator.bin

Filesize
40KB

MD5
b5cc67fb7312cea6374108c9f8730ca4

SHA1
1de0ae75c657c3b80581e60b5a0f7a4ff14e0849

SHA256
e904538c0b042c4db44cbd851469272e26bda61a0aa13b2c26869fa22efbb6fd

SHA512
967b875d5e8ba111e8d18632a4be6c77f174bbfe868c9b4ff2a7cccfd21780eddaec8cb7e819a8ed10cf131437faa065e00f0c179531dc25f2b3ca4dce66fb28

Download Submit
C:\Users\Admin\AppData\Local\Temp\C700_EEPROM_Simulator.bin

Filesize
40KB

MD5
15fda223f91f34a04e952433de13b9b9

SHA1
3ee75fb40de68e3b85048c98260977fde4c8c2f3

SHA256
131f50c757635a09abe798d47b6ad9f94ecfe429f35c0ecd5f77420f46220b7d

SHA512
02154656a38f2645febc9c25ac3f6d9773626a1ef6e5c2c97a111029bd291d0c55dc1637900b0f14f4047d35c912d9d90bbd5439ee81274a625e882f772bab56

Download Submit
C:\Users\Admin\AppData\Local\Temp\ISM485_1_EEPROM_Simulator.bin

Filesize
2KB

MD5
5352afeaee99600f13119e54617338ac

SHA1
0f6446eb64cd5d93d1bf9f9a70ad0adbbe345b34

SHA256
55c10f2dc26b6fe6d2b691fea5fa87d91f3576721980b480f26557d1df4c5a66

SHA512
af1cb29cb821ef7f633d41ecf8fa25c45e2aef23960b23b7ce98bb799ee102b7683daed31bed4438efd659d21d6b4ea386f84767be5f3e919e0dd4c935a3bf13

Download Submit
C:\Users\Admin\AppData\Local\Temp\PROFINETEIP_EEPROM_Simulator.bin

Filesize
32KB

MD5
588c4d4eeaf7d8844703994502d8ac42

SHA1
dbebec220e2e56ad77a60acf0a2fc35a0271803e

SHA256
80372f96125b99972547aa5836341477137d5affd204c0d43a2554e8cb6f64cc

SHA512
2a3bf4011243b9443af0cf5e713d3a5c1694fadb5b4e2e097dc7be76a200d4aa86d407bb62d233fc981f664f34fba83758dc8de0bc7b90a1a977d01a52edbfbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\RELAY_EEPROM_Simulator.bin

Filesize
2KB

MD5
7c196b03388985ea216eed143a943ee4

SHA1
8d5ec35b397e4bd672d0c46bf63595e495e8654a

SHA256
8c539eecd6cd5ac774591f9d6fd52e308d1bbc5561fefcea6fcd4eb403e8acac

SHA512
c4a5be6a4cb8f94e33e46590beab74c7461b8eb8227a539acdb9ba09e872b336d03a36f5fcce7f15e219c0d195d5856f77ca18646382e4a95cb13a2a88d0c104

Download Submit