cd8b9149a6bb640960387fc4b42afd328c3bf0692c539c02d3a69b3d5c0dce70

Analysis

max time kernel
93s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 12:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cd8b9149a6bb640960387fc4b42afd328c3bf0692c539c02d3a69b3d5c0dce70.exe
Size

6.7MB
MD5

3eff9413e92eef737885f4f704b2bec5
SHA1

c76044b3e03b99ef931ae537727efddddf6f9368
SHA256

cd8b9149a6bb640960387fc4b42afd328c3bf0692c539c02d3a69b3d5c0dce70
SHA512

3aafd8ea1c401a90f931fc1862482fd93b317fec20152a2612f7b12c4edcde074340cfc886aac7d04b742f35ff04b53a58a93e62f6b1b9984524d49c0e1b5577
SSDEEP

196608:CXDDlNfn5ALQVGeWIzVvGumvCudL6OC9o1mI5:Ghn5kGheuWCCf5

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1540	cd8b9149a6bb640960387fc4b42afd328c3bf0692c539c02d3a69b3d5c0dce70.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cd8b9149a6bb640960387fc4b42afd328c3bf0692c539c02d3a69b3d5c0dce70.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
656	Process not Found

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1540	cd8b9149a6bb640960387fc4b42afd328c3bf0692c539c02d3a69b3d5c0dce70.exe
1540	cd8b9149a6bb640960387fc4b42afd328c3bf0692c539c02d3a69b3d5c0dce70.exe

C:\Users\Admin\AppData\Local\Temp\cd8b9149a6bb640960387fc4b42afd328c3bf0692c539c02d3a69b3d5c0dce70.exe
"C:\Users\Admin\AppData\Local\Temp\cd8b9149a6bb640960387fc4b42afd328c3bf0692c539c02d3a69b3d5c0dce70.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\DD94687.32.dll

Filesize
2.4MB

MD5
13f2e7749a11b795dd5db7b728406c75

SHA1
bdd392df6c7007ef5fe93fd0eeb7057f48ed8d13

SHA256
5b8b4ec5622aabed629e8e9eb2dff9368bb4a6465d00d8bbf1ecb195688782e4

SHA512
632766da9492b4678a258bd66de637e62da057199a80007626ae31d0734f0ab98f5c11ff43fc129d8ad6a01b9124377740a3fcfe9c641da7baf0616bc550ff29

Download Submit
memory/1540-8-0x0000000075030000-0x0000000075345000-memory.dmp

Filesize
3.1MB

Download
memory/1540-9-0x0000000075030000-0x0000000075345000-memory.dmp

Filesize
3.1MB

Download