a46a95e3cb849b46d87d99a87aa86795938262026620e24fe4407b676ef0126e

Analysis

max time kernel
95s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 13:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

488de811f5083dd8749f36134b4c0ef0N.exe
Size

181KB
MD5

488de811f5083dd8749f36134b4c0ef0
SHA1

2fec92075a163da5a811e0cbbc082eaeace06ba6
SHA256

a46a95e3cb849b46d87d99a87aa86795938262026620e24fe4407b676ef0126e
SHA512

c81c9623b4ddf974e12072d7fe66520023b9cfffc91d673420d0f9206dd200db8683b0af2df3e4b9520f520043286f88ce00a03fece36472da9f895bf60f1e72
SSDEEP

3072:gSUbxauaFNfQKPu+qxR/KpcT0qDn8mpKmNxMCZUjNsiUoz6Kcbhep1Lk7WbgV8W:gSGxhaFFQfxUPun8OCCZUjig8bh7KbgZ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4172	uninst1.exe

Loads dropped DLL 6 IoCs

pid	Process
3436	488de811f5083dd8749f36134b4c0ef0N.exe
3436	488de811f5083dd8749f36134b4c0ef0N.exe
3436	488de811f5083dd8749f36134b4c0ef0N.exe
4172	uninst1.exe
4172	uninst1.exe
4172	uninst1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	488de811f5083dd8749f36134b4c0ef0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	uninst1.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3436 wrote to memory of 4172	3436	488de811f5083dd8749f36134b4c0ef0N.exe	83
PID 3436 wrote to memory of 4172	3436	488de811f5083dd8749f36134b4c0ef0N.exe	83
PID 3436 wrote to memory of 4172	3436	488de811f5083dd8749f36134b4c0ef0N.exe	83

C:\Users\Admin\AppData\Local\Temp\488de811f5083dd8749f36134b4c0ef0N.exe
"C:\Users\Admin\AppData\Local\Temp\488de811f5083dd8749f36134b4c0ef0N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3436
- C:\Users\Admin\AppData\Local\Temp\uninst1.exe
  C:\Users\Admin\AppData\Local\Temp\uninst1.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gentee00\gentee.dll

Filesize
100KB

MD5
30439e079a3d603c461d2c2f4f8cb064

SHA1
aaf470f6bd8deadedbc31adf17035041176c6134

SHA256
d6d0535175fb2302e5b5a498119823c37f6bddff4ab24f551aa7e038c343077a

SHA512
607a81be02bde679aff45770e2fd5c2471d64439fdb23c3e494aed98970131e5d677e1eba3b7b36fca5b8d5b99580856bb8cf1806139c9f73693afb512126b9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\gentee00\guig.dll

Filesize
20KB

MD5
8f52a9ef3560a691b21ceba516d4be0b

SHA1
4caccff6d4640662456b6573dc7f2210945a0d25

SHA256
88d106dc07a1e27240603b18ff341eb4aa98ea89e52549f8c1e02c1f0d94bcd1

SHA512
6364ce682d13f4567c2e03450b1f07fd6327773e87ab190b0881d135185b208ad38f1e74b70ae65e14b2920c5482dffbc533e6df6a075fa7f844b10e0f6b4eaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\uninst1.exe

Filesize
181KB

MD5
a4ecf8cefac3c799a8ad472da5df657a

SHA1
fb6d3bafab8ba39a453881b12a533d041e94ae54

SHA256
d440dcf8ff0a063b06dd581085efaeda45479b10614ca553035129207d3ef438

SHA512
0bc3d7dd5669031738b806e8efc46c7142246ab5607ad6fae07d984bb419b2e89b7aed5417ecfe913d8d49b9a58f078962ae7cbacacc1b329721c2fc0de76420

Download Submit