7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec

Analysis

max time kernel
150s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15/09/2024, 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
Size

14.0MB
MD5

e2dc48609499a45167bfe506d753e553
SHA1

18ff37bddd7875c675aa39c7fffd7a0fa7100c5f
SHA256

7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec
SHA512

0352faa0dcaa762840e2b109ed77c8f60a45267c3c83ac64120b646f7fd084cc69164a311627aa81d0c04ea07dcb3a83d991d393fc2037eb1ccb81ddae84a9bd
SSDEEP

393216:VJOPPpUs5j/CC9FWMYxdI4NZXOOXyMn9VE28IsU:zOJx6RM2ZXOOXyMB80

Score

6^/10

defense_evasion discovery

Malware Config

Signatures

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4340 wrote to memory of 3224	4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe	88
PID 4340 wrote to memory of 3224	4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe	88
PID 4340 wrote to memory of 3224	4340	7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe	88

C:\Users\Admin\AppData\Local\Temp\7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe
"C:\Users\Admin\AppData\Local\Temp\7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4340
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*.dll"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\791fb7689d2c66129f2b75043f3b1f0d.ini

Filesize
511B

MD5
2bb27cc9ab2cbecfc4e8c37006918e53

SHA1
a52d789eca2949324fe47999cf5a6e726b7c8182

SHA256
83c1bfb07c8cebaf722971f20097cb23f0605863dcdcb1a1ccd62d025c6ad7ce

SHA512
946da938a399290e5d18c9753747e14b93da427b02165d5273b95a8deeb80eb8121d580e79f6c6782b9822b2d9fb66f5e4927fd229ed4d0c5227f769bbf9ac70

Download Submit
C:\Users\Admin\AppData\Local\Temp\791fb7689d2c66129f2b75043f3b1f0dA.ini

Filesize
1KB

MD5
7d2440a282f3e64a3fc84d144e20f1a5

SHA1
6528b4548c23e6574fd5db4f123584d28738cd48

SHA256
f990990c89915de49481773944a95d22651183fee58c6f12ce502c97e742890b

SHA512
38b422fd407d3e3d5dfb7155d9766805dd1ab57a198083162f20908a002fc25151fb6b9263733d5721ed77799a52c34ea4ce526d3e5f5689ed54765453589914

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f55100ef1dcc55b97b46a2cf770600e538f6e3ba12f724a32fad9ee63f4faec.exepack.tmp

Filesize
2KB

MD5
6014496e8f8985411a8b3920bc1e6433

SHA1
6d54070dc18c28e4307943d129165b0e1b6404ae

SHA256
aeb83e0d1363652bd9e21686d33f6e321b4f53331369f2a33c7c6a3a00d19796

SHA512
4d8fcbfbd5b9441a993ac67c73a89d5d4a8baba51984653e63e41bb47815313184c60874188e04b13214b8d10500090f678e822347bf2412bf401a251b50c783

Download Submit
memory/4340-330-0x0000000000400000-0x00000000012C1000-memory.dmp

Filesize
14.8MB

Download
memory/4340-332-0x0000000000400000-0x00000000012C1000-memory.dmp

Filesize
14.8MB

Download
memory/4340-6-0x0000000000400000-0x00000000012C1000-memory.dmp

Filesize
14.8MB

Download
memory/4340-8-0x0000000000400000-0x00000000012C1000-memory.dmp

Filesize
14.8MB

Download
memory/4340-2-0x0000000000400000-0x00000000012C1000-memory.dmp

Filesize
14.8MB

Download
memory/4340-4-0x00000000008DF000-0x0000000000DE3000-memory.dmp

Filesize
5.0MB

Download
memory/4340-0-0x0000000000400000-0x00000000012C1000-memory.dmp

Filesize
14.8MB

Download
memory/4340-326-0x00000000001D0000-0x00000000001D3000-memory.dmp

Filesize
12KB

Download
memory/4340-327-0x0000000000400000-0x00000000012C1000-memory.dmp

Filesize
14.8MB

Download
memory/4340-328-0x00000000008DF000-0x0000000000DE3000-memory.dmp

Filesize
5.0MB

Download
memory/4340-329-0x0000000000400000-0x00000000012C1000-memory.dmp

Filesize
14.8MB

Download
memory/4340-1-0x00000000001D0000-0x00000000001D3000-memory.dmp

Filesize
12KB

Download
memory/4340-331-0x0000000000400000-0x00000000012C1000-memory.dmp

Filesize
14.8MB

Download
memory/4340-5-0x0000000001320000-0x0000000001321000-memory.dmp

Filesize
4KB

Download
memory/4340-333-0x0000000000400000-0x00000000012C1000-memory.dmp

Filesize
14.8MB

Download
memory/4340-334-0x0000000000400000-0x00000000012C1000-memory.dmp

Filesize
14.8MB

Download
memory/4340-335-0x0000000000400000-0x00000000012C1000-memory.dmp

Filesize
14.8MB

Download
memory/4340-336-0x0000000000400000-0x00000000012C1000-memory.dmp

Filesize
14.8MB

Download
memory/4340-337-0x0000000000400000-0x00000000012C1000-memory.dmp

Filesize
14.8MB

Download
memory/4340-338-0x0000000000400000-0x00000000012C1000-memory.dmp

Filesize
14.8MB

Download
memory/4340-339-0x0000000000400000-0x00000000012C1000-memory.dmp

Filesize
14.8MB

Download
memory/4340-340-0x0000000000400000-0x00000000012C1000-memory.dmp

Filesize
14.8MB

Download
memory/4340-341-0x0000000000400000-0x00000000012C1000-memory.dmp

Filesize
14.8MB

Download
memory/4340-342-0x0000000000400000-0x00000000012C1000-memory.dmp

Filesize
14.8MB

Download
memory/4340-343-0x0000000000400000-0x00000000012C1000-memory.dmp

Filesize
14.8MB

Download