00b95ee317c9585a02c789b56ea01bc7b3e6a6d2cb3d9a081664e6e6dcd1cbbc

Analysis

max time kernel
97s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-09-2024 13:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c67b874d8bb9677d10726910a01e360N.exe
Size

162KB
MD5

2c67b874d8bb9677d10726910a01e360
SHA1

acbc312214a5a3a0dcf370252050009a38746fd0
SHA256

00b95ee317c9585a02c789b56ea01bc7b3e6a6d2cb3d9a081664e6e6dcd1cbbc
SHA512

d2dacc773f509311482d795991bee7a5e705611e5f40d2dc03aa38c72f8cbe92bbf0a2abb209dd31af2a95bb82b84417dc4246bf0a80812a1fbe1c77a61de414
SSDEEP

3072:DJEpqJJ8YQShlZdwm5RkRQre+aecf9eR2QtdiuRMLdxs7M+1u:VEpkJsShqmEa6xecf6ZSu2s7R1u

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3068	2c67b874d8bb9677d10726910a01e360N.exe

Executes dropped EXE 1 IoCs

pid	Process
3068	2c67b874d8bb9677d10726910a01e360N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2c67b874d8bb9677d10726910a01e360N.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2168	2c67b874d8bb9677d10726910a01e360N.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2168	2c67b874d8bb9677d10726910a01e360N.exe
3068	2c67b874d8bb9677d10726910a01e360N.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 3068	2168	2c67b874d8bb9677d10726910a01e360N.exe	86
PID 2168 wrote to memory of 3068	2168	2c67b874d8bb9677d10726910a01e360N.exe	86
PID 2168 wrote to memory of 3068	2168	2c67b874d8bb9677d10726910a01e360N.exe	86

C:\Users\Admin\AppData\Local\Temp\2c67b874d8bb9677d10726910a01e360N.exe
"C:\Users\Admin\AppData\Local\Temp\2c67b874d8bb9677d10726910a01e360N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Users\Admin\AppData\Local\Temp\2c67b874d8bb9677d10726910a01e360N.exe
  C:\Users\Admin\AppData\Local\Temp\2c67b874d8bb9677d10726910a01e360N.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2c67b874d8bb9677d10726910a01e360N.exe

Filesize
162KB

MD5
0b9585fc8cf851c86443f8fb55c54bd5

SHA1
e4a174c906fdf080289ec0d3a02e3ef4c3270784

SHA256
a941d33d97d12aa3acaf134f7f0e895e609e0a36c344126c0f04d931bfb4d362

SHA512
c4c786987c0456b70ea316668c804888428db825fd8af705c0eb8b2927e22892ab0f0496ce6c0577f6490093d864fad7650b21a21534186dc6f822b1b68d4963

Download Submit
memory/2168-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2168-1-0x00000000001C0000-0x00000000001EE000-memory.dmp

Filesize
184KB

Download
memory/2168-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2168-11-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3068-13-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3068-19-0x0000000001430000-0x000000000145E000-memory.dmp

Filesize
184KB

Download
memory/3068-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3068-25-0x00000000014F0000-0x000000000150B000-memory.dmp

Filesize
108KB

Download
memory/3068-26-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download