00b95ee317c9585a02c789b56ea01bc7b3e6a6d2cb3d9a081664e6e6dcd1cbbc

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11-09-2024 13:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c67b874d8bb9677d10726910a01e360N.exe
Size

162KB
MD5

2c67b874d8bb9677d10726910a01e360
SHA1

acbc312214a5a3a0dcf370252050009a38746fd0
SHA256

00b95ee317c9585a02c789b56ea01bc7b3e6a6d2cb3d9a081664e6e6dcd1cbbc
SHA512

d2dacc773f509311482d795991bee7a5e705611e5f40d2dc03aa38c72f8cbe92bbf0a2abb209dd31af2a95bb82b84417dc4246bf0a80812a1fbe1c77a61de414
SSDEEP

3072:DJEpqJJ8YQShlZdwm5RkRQre+aecf9eR2QtdiuRMLdxs7M+1u:VEpkJsShqmEa6xecf6ZSu2s7R1u

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2720	2c67b874d8bb9677d10726910a01e360N.exe

Executes dropped EXE 1 IoCs

pid	Process
2720	2c67b874d8bb9677d10726910a01e360N.exe

Loads dropped DLL 1 IoCs

pid	Process
2736	2c67b874d8bb9677d10726910a01e360N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2c67b874d8bb9677d10726910a01e360N.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2736	2c67b874d8bb9677d10726910a01e360N.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2736	2c67b874d8bb9677d10726910a01e360N.exe
2720	2c67b874d8bb9677d10726910a01e360N.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 2720	2736	2c67b874d8bb9677d10726910a01e360N.exe	31
PID 2736 wrote to memory of 2720	2736	2c67b874d8bb9677d10726910a01e360N.exe	31
PID 2736 wrote to memory of 2720	2736	2c67b874d8bb9677d10726910a01e360N.exe	31
PID 2736 wrote to memory of 2720	2736	2c67b874d8bb9677d10726910a01e360N.exe	31

C:\Users\Admin\AppData\Local\Temp\2c67b874d8bb9677d10726910a01e360N.exe
"C:\Users\Admin\AppData\Local\Temp\2c67b874d8bb9677d10726910a01e360N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Users\Admin\AppData\Local\Temp\2c67b874d8bb9677d10726910a01e360N.exe
  C:\Users\Admin\AppData\Local\Temp\2c67b874d8bb9677d10726910a01e360N.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\2c67b874d8bb9677d10726910a01e360N.exe

Filesize
162KB

MD5
798152d14877d2d6dc9b3cc84fe636fe

SHA1
cf94044c7b93aa22adbd50bc0a98d44e3c8402f3

SHA256
a3e2f2e71a06bf80c4449548aff96ba017f0de91d3205378d75dd614bf0cb639

SHA512
424ea728c173d63f986377ce8d776f59ca2ac03c415b8c7549b42bcf3e25889f0406a0e9e2b80f88db935061ef410b7089e9ef76a4564d3163339f54004aa79c

Download Submit
memory/2720-18-0x0000000000140000-0x000000000016E000-memory.dmp

Filesize
184KB

Download
memory/2720-24-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2720-29-0x00000000001A0000-0x00000000001BB000-memory.dmp

Filesize
108KB

Download
memory/2720-30-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2736-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2736-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2736-9-0x0000000000140000-0x000000000016E000-memory.dmp

Filesize
184KB

Download
memory/2736-12-0x00000000003C0000-0x00000000003EE000-memory.dmp

Filesize
184KB

Download
memory/2736-17-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download