Overview

overview

7

Static

static

3

01e1ba7da4...11.exe

windows7-x64

7

01e1ba7da4...11.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-09-2024 18:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    01e1ba7da4ba0dab57d85b6d587032b746827773e607c77d5f6b0014df24b711.exe

  • Size

    92KB

  • MD5

    6be009917289ab74d4e0030c26367323

  • SHA1

    ae6908af66e3c3fdd462c4193934f25c59d9d58e

  • SHA256

    01e1ba7da4ba0dab57d85b6d587032b746827773e607c77d5f6b0014df24b711

  • SHA512

    c943ec2007d7335575c67ece62fe5d8cd7c2d8ea0d770832aa7bb344a105e291be877d6822f87fe1da0148118028e070015eb181ec9aa405238f859da0ff79af

  • SSDEEP

    1536:jqBcjcygYu1nPyh0+mVVxlX9qNlmDWhX4eUH9AwkD2Y8T9NhOUws1MK:jqBG0+4xlX9qNlmWhjUGwdb

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\01e1ba7da4ba0dab57d85b6d587032b746827773e607c77d5f6b0014df24b711.exe
    "C:\Users\Admin\AppData\Local\Temp\01e1ba7da4ba0dab57d85b6d587032b746827773e607c77d5f6b0014df24b711.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\Users\Admin\AppData\Local\Temp\murzuja.exe
      C:\Users\Admin\AppData\Local\Temp\murzuja.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4808

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\murzuja.exe
    Filesize

    92KB

    MD5

    591ea58dce0b6947895ff10486e66b16

    SHA1

    0a4a6e8529fcaba2360f5e6cab98cf03a9b75868

    SHA256

    28f086bc0d89e8d352b2b141aa88f3afb6ef51e533b7f685cdb98639c54ca4a1

    SHA512

    0a431816bda208a5a7a03c5da34b2de3883e22222219ff98e76fa61946caf3fc79f13f0116ee74d5634e11f290234cdf408b1dbb168625f88c0d6353e0580225

    Download Submit

  • memory/1944-0-0x0000000000401000-0x0000000000404000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4808-5-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download