2ce893ac3737b7a6269aadfe76bfb46b29f507c1a0761d2ce613c4f4c979b2b9

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ce893ac3737b7a6269aadfe76bfb46b29f507c1a0761d2ce613c4f4c979b2b9N.exe
Size

7.1MB
MD5

321f61070095289aa935b269df0dbe90
SHA1

a97ad3c44f69708c7b5535f0bf5c24c2b641c55f
SHA256

2ce893ac3737b7a6269aadfe76bfb46b29f507c1a0761d2ce613c4f4c979b2b9
SHA512

b90b6015a15d648ae06beb043f674457cd48f0908b12ffcc8c96ed1d5e11f029153a1371ef9fa9040a23456260ea40be53990f701fc2f6e1ffd2034926f11721
SSDEEP

98304:A+6cejFSRpQ0cBUK/Gcds3N1nPvrh4mLQohvC9nWysNHrl99Qroj43yw/zRTI2w/:AZdx0cVds37v9/hvaZ8rdx2yGjpnuQsj

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2584	2ce893ac3737b7a6269aadfe76bfb46b29f507c1a0761d2ce613c4f4c979b2b9N.exe
2584	2ce893ac3737b7a6269aadfe76bfb46b29f507c1a0761d2ce613c4f4c979b2b9N.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\GLBSINST.%$D	2ce893ac3737b7a6269aadfe76bfb46b29f507c1a0761d2ce613c4f4c979b2b9N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ce893ac3737b7a6269aadfe76bfb46b29f507c1a0761d2ce613c4f4c979b2b9N.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2584	2ce893ac3737b7a6269aadfe76bfb46b29f507c1a0761d2ce613c4f4c979b2b9N.exe
2584	2ce893ac3737b7a6269aadfe76bfb46b29f507c1a0761d2ce613c4f4c979b2b9N.exe
2584	2ce893ac3737b7a6269aadfe76bfb46b29f507c1a0761d2ce613c4f4c979b2b9N.exe
2584	2ce893ac3737b7a6269aadfe76bfb46b29f507c1a0761d2ce613c4f4c979b2b9N.exe
2584	2ce893ac3737b7a6269aadfe76bfb46b29f507c1a0761d2ce613c4f4c979b2b9N.exe

C:\Users\Admin\AppData\Local\Temp\2ce893ac3737b7a6269aadfe76bfb46b29f507c1a0761d2ce613c4f4c979b2b9N.exe
"C:\Users\Admin\AppData\Local\Temp\2ce893ac3737b7a6269aadfe76bfb46b29f507c1a0761d2ce613c4f4c979b2b9N.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\GLFC662.tmp

Filesize
777B

MD5
8e1c4cac9fd989863dd0d913f5b476f3

SHA1
30c872569d5630342ca2febc101939b59c379176

SHA256
baa1d350a77f648987598c5e01adc58c9af54d37355b2051fe9a7bb0ee1b7b7e

SHA512
80834d6f5a2ce573fe7ad2f71a97a64ab35d08b536bd1153e5e2e771e5b29c823c6a3ca72c849758532b9404e870827b1d86eb74b48ba8d6e96e1a6cc6773087

Download Submit
\Users\Admin\AppData\Local\Temp\GLCBA89.tmp

Filesize
157KB

MD5
fbd929bfc7b4a9e4fa4506655bab4c4a

SHA1
b4df84de80729a04ed90dc976a3e730a568f24f8

SHA256
adf8dea5d36b58cf621e2bb0c4549f94e0919308dd7cc1215d942417c45e54a4

SHA512
b310e79848dc2a3c6a4524e0b120e2e3dd73ecb6852c65a9eec368045f7bab0b141210726476dd3cb0c1d9008e1f34149f35c03a0156a9eef7d4a7fbc61ea1b4

Download Submit
\Users\Admin\AppData\Local\Temp\GLFC650.tmp

Filesize
9KB

MD5
b9b41e50d612e00bf3a49a6405b89d74

SHA1
88063ee643c64f18fedda1890c717122634aedfd

SHA256
50e7a30e1825fab93b94b698c2c6d2cc1787b094c6cee53eeed5c497f77443c9

SHA512
b2486f526025095adc6767b5c2f85f80446db2b586e4dff376d74d44494f16d78a361dc944f3a10d8ad494b871a190e8c3f0e92eb27114be5d0b748e0da9c1ca

Download Submit