Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/09/2024, 01:41

General

  • Target

    72260ed8bd6765e693be70c4278243c21c6d287ba4ba87a590445d87b675d502.exe

  • Size

    1.2MB

  • MD5

    f312942864ed3754e0ee9532ebebb95c

  • SHA1

    4cc63383cc63a722428bc478eb8ce62c1485f511

  • SHA256

    72260ed8bd6765e693be70c4278243c21c6d287ba4ba87a590445d87b675d502

  • SHA512

    2412b156086159c147f3bf6fbf47d7d0f1c05c29e0ef234479319fdcbc1bace0320b69abf74749370cb7f64889df5dd39ed8b6d649bcfacd60b11dbdbf58cb16

  • SSDEEP

    24576:X4lavt0LkLL9IMixoEgeas5t9z23xSmGMEOqyvgq9MmCS:ykwkn9IMHeas5t963dG2qyYaPCS

Score
5/10

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\72260ed8bd6765e693be70c4278243c21c6d287ba4ba87a590445d87b675d502.exe
    "C:\Users\Admin\AppData\Local\Temp\72260ed8bd6765e693be70c4278243c21c6d287ba4ba87a590445d87b675d502.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Users\Admin\AppData\Local\Temp\72260ed8bd6765e693be70c4278243c21c6d287ba4ba87a590445d87b675d502.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2800

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\antiprimer

    Filesize

    281KB

    MD5

    314e6d8104878a93d81770caf64dad4a

    SHA1

    25d49941f4b5be7b951b86f5d0800f29627ff60e

    SHA256

    c9e6d9e76764538df6dc1b7ad5f475f350f690001ef9ed82cd085f8c40c3aaba

    SHA512

    f4b35023401175562fa2d8c99510e4f08b5d6e997368c1df9fc2aa39196018b07df5d3b7390be7cb82782eba7034c2bc85b64e5c2e7b9bd94ac817e78e11c802

  • memory/2672-6-0x0000000000310000-0x0000000000314000-memory.dmp

    Filesize

    16KB

  • memory/2800-7-0x0000000000400000-0x0000000000447000-memory.dmp

    Filesize

    284KB

  • memory/2800-8-0x0000000000400000-0x0000000000447000-memory.dmp

    Filesize

    284KB

  • memory/2800-9-0x0000000000B90000-0x0000000000E93000-memory.dmp

    Filesize

    3.0MB

  • memory/2800-10-0x0000000000400000-0x0000000000447000-memory.dmp

    Filesize

    284KB