Overview

overview

10

Static

static

10

0468127a19...1f.exe

windows7-x64

3

0468127a19...1f.exe

windows10-2004-x64

3

2a3b92f618...6b.exe

windows7-x64

10

2a3b92f618...6b.exe

windows10-2004-x64

10

b154ac015c...cf.exe

windows7-x64

8

b154ac015c...cf.exe

windows10-2004-x64

8

b96bd6bbf0...69.exe

windows7-x64

10

b96bd6bbf0...69.exe

windows10-2004-x64

10

bb8e52face...3e.dll

windows7-x64

8

bb8e52face...3e.dll

windows10-2004-x64

8

ca467e3323...a4.dll

windows7-x64

8

ca467e3323...a4.dll

windows10-2004-x64

10

e93d6f4ce3...ad.exe

windows7-x64

10

e93d6f4ce3...ad.exe

windows10-2004-x64

10

fa5390bbcc...f6.exe

windows7-x64

10

fa5390bbcc...f6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13-09-2024 14:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b154ac015c0d1d6250032f63c749f9cf.exe

  • Size

    457KB

  • MD5

    b154ac015c0d1d6250032f63c749f9cf

  • SHA1

    c96eab62367bd9efb5e124621d8dc2be7c5a61be

  • SHA256

    f33c78cddcf99dd999b065644a17dcbac1b222a7f3342b3fe3293ddb6ecf0060

  • SHA512

    dec37485f6e9e9109fa954d5e024223f555af7c2b12f5c9855aa77b43e97d5e54f4cdc651331eee2c7fcaf0a3fa58bb41222cdb3ce16c84b444ef564e7ce6eeb

  • SSDEEP

    12288:vw4bw/3KjP7bHnREf60JDQJ1MFrhi9PFBVoI+kA3dz+YsM9jMw9pMQH/Nxct+fbN:I4bw/3KjP7bHnREf60JDQJ1MFrhi9PFE

Score
8/10
discovery

Malware Config

Signatures

  • Modifies RDP port number used by Windows 1 TTPs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\b154ac015c0d1d6250032f63c749f9cf.exe
    "C:\Users\Admin\AppData\Local\Temp\b154ac015c0d1d6250032f63c749f9cf.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2684-0-0x0000000000270000-0x00000000002A3000-memory.dmp

    Filesize

    204KB

    Download