Overview

overview

10

Static

static

3

826384807c...36.exe

windows7-x64

7

826384807c...36.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2024 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    826384807c0348993c782416921adf09f281f8b18aae261d1d30d3c6dd0a6b36.exe

  • Size

    413KB

  • MD5

    586c5ac34c86291bac60c8e223aef094

  • SHA1

    80cd750b35f09ecb88a31ca9166a4e3252a14423

  • SHA256

    826384807c0348993c782416921adf09f281f8b18aae261d1d30d3c6dd0a6b36

  • SHA512

    0733293ef0b785d7aa237b640251824ee125eda4c2b0a26d307a3d05d82d1a9ac5d5912438945d9f743decc9eccf4517f17dc9ec5199b7f50d261bd03e4361a0

  • SSDEEP

    6144:ITNE3ZRrnaBVlvphVxmP+6CiejgcME1cwYfU+va+RUS:ITNYrnE3bm/CiejewY5vR

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\826384807c0348993c782416921adf09f281f8b18aae261d1d30d3c6dd0a6b36.exe
    "C:\Users\Admin\AppData\Local\Temp\826384807c0348993c782416921adf09f281f8b18aae261d1d30d3c6dd0a6b36.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Users\Admin\AppData\Roaming\c5e4gxfvd4v\ximo2ubzn1i.exe
      "C:\Users\Admin\AppData\Roaming\c5e4gxfvd4v\ximo2ubzn1i.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1068
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
        3⤵
          PID:2688

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\c5e4gxfvd4v\ximo2ubzn1i.exe
      Filesize

      413KB

      MD5

      5145669116cdeaf24b4298cb63776bbe

      SHA1

      dd2b5f7b5922f1ea4f3db6ac121ded4108a6f0ca

      SHA256

      9cd6822a5dbbee99158b6e57f1afc414ada7d46b3b1b63770f933db783aad6b4

      SHA512

      6f27b1a33de6d5c6f9939bd5653c1c2fc975a4d9fa80f5c1843afd981a350ef0c4640b50ce8cce435bcacd7c53901e102c9cf1ad3bd5a67824b50768d65efc99

      Download Submit

    • memory/1068-15-0x0000000074C90000-0x000000007537E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/1068-14-0x0000000074C90000-0x000000007537E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/1068-13-0x0000000000EA0000-0x0000000000F0E000-memory.dmp

      Filesize

      440KB

      Download

    • memory/1068-16-0x0000000074C90000-0x000000007537E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/1068-17-0x0000000074C90000-0x000000007537E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2548-0-0x0000000074C9E000-0x0000000074C9F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-1-0x00000000001E0000-0x000000000024E000-memory.dmp

      Filesize

      440KB

      Download

    • memory/2548-2-0x0000000074C90000-0x000000007537E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2548-3-0x0000000004450000-0x000000000448C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/2548-12-0x0000000074C90000-0x000000007537E000-memory.dmp

      Filesize

      6.9MB

      Download