ab7d521c4c56ad3b3770b2b0a649c2b3ffa81fe94ee06332a4452df07d255ab2

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 10:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ONECHEAT.exe
Size

448KB
MD5

728237a4c764e4d900da529c03221920
SHA1

1e1beddcbee0c8d090eb188048eff6ee0997568b
SHA256

ab7d521c4c56ad3b3770b2b0a649c2b3ffa81fe94ee06332a4452df07d255ab2
SHA512

b1353f225a09dfaef9ba0658be54e8db69ead5190e9d5722d768a6e721e3b98fda575fe9f4997a8c703c38bbd324e0233b3dae5d72f3c0d47a3f5d0620e6c1a9
SSDEEP

12288:FZfHlRPh/A68I27x5M1V8DDGLPy/orQ0ldIdu71djOwU7x4CUzmDrgj:FZf5/AtI2LM1V8HRI

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2724	ONECHEAT.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ONECHEAT.exe

C:\Users\Admin\AppData\Local\Temp\ONECHEAT.exe
"C:\Users\Admin\AppData\Local\Temp\ONECHEAT.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Roaming\msvcp110.dll

Filesize
613KB

MD5
22b0a48518c238acd90ddf8454aea859

SHA1
f96e81cce0729137f426cff999eb2010426d9828

SHA256
dd88aec95c26e8f0401b53a25be8e5ad293f484528bc38775cd289fd4507372e

SHA512
f4d99a046b15285826a77ebce4603d0d44e24df0fea6e6dfd152aba656480180b3b36dccf66f4c9b8abe0bfeba68948eb99992a1e56d6957f1876cd3614e2ce8

Download Submit
memory/2724-0-0x0000000074A4E000-0x0000000074A4F000-memory.dmp

Filesize
4KB

Download
memory/2724-1-0x0000000000030000-0x00000000000A8000-memory.dmp

Filesize
480KB

Download
memory/2724-2-0x0000000000410000-0x0000000000416000-memory.dmp

Filesize
24KB

Download
memory/2724-7-0x00000000771D0000-0x0000000077291000-memory.dmp

Filesize
772KB

Download
memory/2724-8-0x0000000074A40000-0x000000007512E000-memory.dmp

Filesize
6.9MB

Download