Analysis

  • max time kernel: 97s
  • max time network: 101s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 19/09/2024, 01:20

General

  • Target: c9ebae213732c79aae34cdd085da04accae29e324d09b22b129055a802ab91b8N.exe
  • Size: 225KB
  • MD5: 3e5818f49741e0cf2bbda011e594b6d0
  • SHA1: 4f14d78becf5c83bee21c7d5edbe71bb73333c9a
  • SHA256: c9ebae213732c79aae34cdd085da04accae29e324d09b22b129055a802ab91b8
  • SHA512: fcee7ed658956e856c156f186649c8ec39a67b3e043caf841ab2efb453059c52242e391782acc347f86f6096a930ce8ef747ca8f05703bb3350a2d80f4ced5a7
  • SSDEEP: 3072:sSsdVRsAXg7M1Y3nz520NMoNoD7NQK7X6E:sndVRsAXg4C3z520NlYNqE

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 10 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c9ebae213732c79aae34cdd085da04accae29e324d09b22b129055a802ab91b8N.exe
    "C:\Users\Admin\AppData\Local\Temp\c9ebae213732c79aae34cdd085da04accae29e324d09b22b129055a802ab91b8N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1076
    • C:\Users\Admin\AppData\Local\Temp\877.pif
      C:\Users\Admin\AppData\Local\Temp\877.pif ////DAEMON
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4708
      • C:\Users\Admin\AppData\Local\Temp\c9ebae213732c79aae34cdd085da04accae29e324d09b22b129055a802ab91b8N.exe
        "C:\Users\Admin\AppData\Local\Temp\c9ebae213732c79aae34cdd085da04accae29e324d09b22b129055a802ab91b8N.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        PID:4200
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3156

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\877.pif
    Filesize: 200KB
    MD5: 98da3c0e78ba49a30a2b7ccda7365fdd
    SHA1: 9c665f41025b3ac2ab9958f0c74e9aa0e9efcfad
    SHA256: 394c38ebb0e2857127009e2e125eca8bcc0317e07031404c3a49d4e77bd6d15f
    SHA512: 35403fcddfb529870a29f329a9634112e85a4826e4cda1a8c7fc37e5431b0f7a1c43dc72cd9dbeb262dd171f673840d8aaea69dadb9382a6e619675a966e193e

  • C:\Users\Admin\AppData\Local\Temp\c9ebae213732c79aae34cdd085da04accae29e324d09b22b129055a802ab91b8N.exe
    Filesize: 25KB
    MD5: 0975ee4bd09e87c94861f69e4aa44b7a
    SHA1: 64029e26a179b64951ca580a155288b6ff002a55
    SHA256: 7f8aa55beae4aee0da0f32b8d67b3d600103fedd99c6e114625f82de8d14d5c7
    SHA512: 87eff707ac6b74c98902cefab12e9e37c51eb01e9b8cf7336ae6299f27b43abbdd27d9775984c797f0e2644bb35812fa09d2ccd88c6cbba8c5f87b70f52e4f81

  • C:\Windows\SysWOW64\userinit.exe18467
    Filesize: 227KB
    MD5: 3690e25bb94422d800080b6709ac4bd8
    SHA1: 37160c339f0e3f38eb460dbf56c9a27b1df03d29
    SHA256: cee14fef4701ead1788b62afba1bac4a99fe89ec235aaf8e2080193d1b895d1d
    SHA512: 883ca797847f5f30355bb014c3b33e49171a4e5ba6f1715dcaa506c82ce655be590ec73f748452f1331c840943f8b339de2e3a15087bd6796fc2794ad7490e45