Overview

overview

7

Static

static

3

0b151a77d3...0N.exe

windows7-x64

7

0b151a77d3...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    111s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11/09/2024, 04:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0b151a77d3f3cec4f177668080bac890N.exe

  • Size

    1.6MB

  • MD5

    0b151a77d3f3cec4f177668080bac890

  • SHA1

    fed8e16c8d4835eed611169bd629f4d2aa3d7306

  • SHA256

    48c4264f693f22ff5968bb8048cd14d67bd6f9eac3586d0eacb30b1c77170997

  • SHA512

    85b3e3fdf1db62620801707902f988bf5bc221f9007fcf08cb23bff75e48b26573ab45a66ac2693520e38af3362efa6d8a3221235d9d42799fa81a1e9ee99233

  • SSDEEP

    24576:gawwKusHwEwS2MGqKrAczO6I6h6gEGe/NIsWvMyCShxkG:wwREDIJWShv2NuMskG

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b151a77d3f3cec4f177668080bac890N.exe
    "C:\Users\Admin\AppData\Local\Temp\0b151a77d3f3cec4f177668080bac890N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2404
    • C:\Users\Admin\AppData\Local\Temp\is-850A8.tmp\0b151a77d3f3cec4f177668080bac890N.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-850A8.tmp\0b151a77d3f3cec4f177668080bac890N.tmp" /SL5="$400DC,865850,776192,C:\Users\Admin\AppData\Local\Temp\0b151a77d3f3cec4f177668080bac890N.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2148

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\is-850A8.tmp\0b151a77d3f3cec4f177668080bac890N.tmp
          Filesize

          3.0MB

          MD5

          821ef686894d1218f52e1a9671a774d5

          SHA1

          069b33aed3f5adce692ea2a6cc812f718a699025

          SHA256

          c9f676f95601da4c301ccbf1428daaeb0be06057e937cd1a8d8f63fa008acdb2

          SHA512

          09e5bc6b2ac85d7f4207f24c47a866ffb349888217cac87e86a571fec6f33f685ee804492881107d2d236ffa520a5ddfde9611b840cb1e50a501382194ec925f

          Download Submit

        • \Users\Admin\AppData\Local\Temp\is-MCULI.tmp\idp.dll
          Filesize

          232KB

          MD5

          55c310c0319260d798757557ab3bf636

          SHA1

          0892eb7ed31d8bb20a56c6835990749011a2d8de

          SHA256

          54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

          SHA512

          e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

          Download Submit

        • memory/2148-8-0x0000000000400000-0x0000000000706000-memory.dmp

          Filesize

          3.0MB

          Download

        • memory/2148-15-0x0000000000400000-0x0000000000706000-memory.dmp

          Filesize

          3.0MB

          Download

        • memory/2404-0-0x0000000000400000-0x00000000004CB000-memory.dmp

          Filesize

          812KB

          Download

        • memory/2404-2-0x0000000000401000-0x00000000004A9000-memory.dmp

          Filesize

          672KB

          Download

        • memory/2404-14-0x0000000000400000-0x00000000004CB000-memory.dmp

          Filesize

          812KB

          Download