79584e5fd5619c782950f2252ce08ea7c8fbe2f39a102b918ca886414076b618

Analysis

max time kernel
106s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
15/09/2024, 10:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79584e5fd5619c782950f2252ce08ea7c8fbe2f39a102b918ca886414076b618.exe
Size

672KB
MD5

cf870fbfa7543d693d67fa43cd16eac0
SHA1

ad16a1f17b0a6f0a469122c181e56a3c8b2848fa
SHA256

79584e5fd5619c782950f2252ce08ea7c8fbe2f39a102b918ca886414076b618
SHA512

ed9f82089f76f2a016b4c8f9f5d910aa785e84aed74cf7751da722faf3207405c90f9bfc3e533720895b6d6706be24b20b07f59f7041b413dc60b054ea9282d6
SSDEEP

12288:5XYWn7HKiLmVedA4M0xsY6C/gDaNmvfEuZTCun/Wuux0uguu2uuuJuDoy57gLRu9:hYO7HKi6VeeBqsYvonvfEuZTCun/Wuud

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
45	raw.githubusercontent.com
46	raw.githubusercontent.com

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	79584e5fd5619c782950f2252ce08ea7c8fbe2f39a102b918ca886414076b618.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.krt\SYCYX	79584e5fd5619c782950f2252ce08ea7c8fbe2f39a102b918ca886414076b618.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.krt	79584e5fd5619c782950f2252ce08ea7c8fbe2f39a102b918ca886414076b618.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.krt\SYCYX\E_A_MAR = "1726396574"	79584e5fd5619c782950f2252ce08ea7c8fbe2f39a102b918ca886414076b618.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2248	79584e5fd5619c782950f2252ce08ea7c8fbe2f39a102b918ca886414076b618.exe
2248	79584e5fd5619c782950f2252ce08ea7c8fbe2f39a102b918ca886414076b618.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2248	79584e5fd5619c782950f2252ce08ea7c8fbe2f39a102b918ca886414076b618.exe
2248	79584e5fd5619c782950f2252ce08ea7c8fbe2f39a102b918ca886414076b618.exe

C:\Users\Admin\AppData\Local\Temp\79584e5fd5619c782950f2252ce08ea7c8fbe2f39a102b918ca886414076b618.exe
"C:\Users\Admin\AppData\Local\Temp\79584e5fd5619c782950f2252ce08ea7c8fbe2f39a102b918ca886414076b618.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1615.tmp

Filesize
2KB

MD5
03d0a52b2a1a3d18270fa233b4a2512d

SHA1
fcb1f826538cd1fca4741dff76306392a70a7ea1

SHA256
b6d5c84266f58e429bb48e441b70c2c6e9b5a6197ff015a70e01e171c8653c98

SHA512
4e660e005d06cda1f943a40e51d60dcf878f51e620e1a2db693555cfde03446c72453b32b698ab4ff42af1b22c2c04dd7fb352be2c87d15741383672d6db253e

Download Submit
C:\Users\Admin\AppData\Local\Temp\1615.tmp

Filesize
1KB

MD5
aadf9bb7bad50e7e78e99ae1c2f988a8

SHA1
cbe137ea7a12b5f074cc898b19cbc5911597c761

SHA256
5f68524012b82efa10e7dab57cd5b39e19bc87c0b83509bbe9ce6142a82a745e

SHA512
269958fb2017e68588f88c0458387b011b9db49c0d0d1e0ef4fbf91ca6ae1f395782b1fc05da75965d49d7d82c2acec3887ea73ea7b2d14878184a092c0bf3a9

Download Submit