Analysis
-
max time kernel
150s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
11-09-2024 06:58
General
-
Target
b79cb1a813c3d8d88a65df33560e653420c8d7534c56e719eb3cd5a598a0da12.exe
-
Size
79KB
-
MD5
aa79b961c8f56e662e65c6de592875f3
-
SHA1
8fce3c94ae4a8b28ca397d32d5875dec1164400f
-
SHA256
b79cb1a813c3d8d88a65df33560e653420c8d7534c56e719eb3cd5a598a0da12
-
SHA512
ec3694ee720f57fab01215d83e4c7dd08497d0b11457e5749db70f387cfd06456b8eafbcaa80c5616a4aeeda3f05e53b0f0b9f43b53bbc56f3d737a3677348fc
-
SSDEEP
1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOJqBPX:GhfxHNIreQm+Hi2qBPX
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Modifies system executable filetype association 2 TTPs 5 IoCs
-
Drops file in System32 directory 4 IoCs
-
Drops file in Windows directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 15 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b79cb1a813c3d8d88a65df33560e653420c8d7534c56e719eb3cd5a598a0da12.exe"C:\Users\Admin\AppData\Local\Temp\b79cb1a813c3d8d88a65df33560e653420c8d7534c56e719eb3cd5a598a0da12.exe"1⤵
- Loads dropped DLL
- Modifies system executable filetype association
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system\rundll32.exeC:\Windows\system\rundll32.exe2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
79KB
MD56604fc375c188354d802b45c3292394d
SHA1570412df10f4a807385c46481576434ea8e08139
SHA256b126a69b63bdbd2481a063df94e654c7bb67a88881685a342548f6497827c7ef
SHA5126665f0cf97f2cfec7f856c3c3b5de49d4a04e2d007cf3a2278dc853fec0d37bd9a9dc538823facf7af7a14c2655c799c683502a1b8390c475284d501ca80be5d
-
Filesize
83KB
MD5098d1fd7ae5b34d1e160b4d83029b08b
SHA1a4f029f7a07ce8671e4ff4e3f7079047dc16a162
SHA2569b43d20c51c88031bb10d9f1ac1e77ea247ce712a24b251ab019f67d6eb0bd4c
SHA512627749501a138d044baf7d867d25f95497e3b7d85e56e470bab01f60c4d51b51d188a63e0560515fbb5f083c543e89e5dc1977c125959258113352e489e26664
-
Filesize
86KB
-
Filesize
86KB
-
Filesize
88KB
-
Filesize
88KB
-
Filesize
86KB