50ba43dced201f11d4d4b63a9cd974f1dc8e8b1d74664fa6002167eaf0ca05fc

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50ba43dced201f11d4d4b63a9cd974f1dc8e8b1d74664fa6002167eaf0ca05fcN.exe
Size

7.1MB
MD5

7053939403954077da65aa1ebc0adb50
SHA1

0541ab4508f16f3e6a3fc091337633fc302e8ff8
SHA256

50ba43dced201f11d4d4b63a9cd974f1dc8e8b1d74664fa6002167eaf0ca05fc
SHA512

05dac9246d00678e7ba575e9434472a0acd4ffcbe594c210a137245c7b32230faf4715e225020e056a7ef8160df9b03ad049f4b01c1eed2c2cc058d9794af08a
SSDEEP

98304:b6cSI+O2OI0zrnZrIogzhol9z01ivPNooA52QhF4hWEw11iYRIbriMW4kS1SRIab:n+O2OIkZZQhfUvug/CSr5WIT98

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2852	50ba43dced201f11d4d4b63a9cd974f1dc8e8b1d74664fa6002167eaf0ca05fcN.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50ba43dced201f11d4d4b63a9cd974f1dc8e8b1d74664fa6002167eaf0ca05fcN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50ba43dced201f11d4d4b63a9cd974f1dc8e8b1d74664fa6002167eaf0ca05fcN.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2852	2356	50ba43dced201f11d4d4b63a9cd974f1dc8e8b1d74664fa6002167eaf0ca05fcN.exe	30
PID 2356 wrote to memory of 2852	2356	50ba43dced201f11d4d4b63a9cd974f1dc8e8b1d74664fa6002167eaf0ca05fcN.exe	30
PID 2356 wrote to memory of 2852	2356	50ba43dced201f11d4d4b63a9cd974f1dc8e8b1d74664fa6002167eaf0ca05fcN.exe	30
PID 2356 wrote to memory of 2852	2356	50ba43dced201f11d4d4b63a9cd974f1dc8e8b1d74664fa6002167eaf0ca05fcN.exe	30

C:\Users\Admin\AppData\Local\Temp\50ba43dced201f11d4d4b63a9cd974f1dc8e8b1d74664fa6002167eaf0ca05fcN.exe
"C:\Users\Admin\AppData\Local\Temp\50ba43dced201f11d4d4b63a9cd974f1dc8e8b1d74664fa6002167eaf0ca05fcN.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Users\Admin\AppData\Local\Temp\50ba43dced201f11d4d4b63a9cd974f1dc8e8b1d74664fa6002167eaf0ca05fcN.exe
  "C:\Users\Admin\AppData\Local\Temp\50ba43dced201f11d4d4b63a9cd974f1dc8e8b1d74664fa6002167eaf0ca05fcN.exe"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI23562\python310.dll

Filesize
3.9MB

MD5
ec970131c8d8d66aeed8b50aa59e9e79

SHA1
3ca30a8e8afd8531ffbf97b8723f15bda9c13314

SHA256
6d97125e77feb8eeb642619a61e3fe80f76f1bac85bec450d6f1bbdaaf0c003f

SHA512
37d108c87b70a10bc00be0ad5988252e2bff86d0a4c597104d202da252bfc057413067ede5e7096809b4d53a55c1d9baab6bf8d01112947cf781df9b6c290db9

Download Submit