Overview

overview

8

Static

static

3

9419ec3be2...b9.exe

windows7-x64

9419ec3be2...b9.exe

windows10-2004-x64

Analysis

  • max time kernel
    6s
  • max time network
    7s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 03:56

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    9419ec3be217809bc01f1c9e2b54cede02aec72f3fc513aff51414b9e63851b9.exe

  • Size

    5.1MB

  • MD5

    72e360d64d4060a1f18117e88d7feb3f

  • SHA1

    b8f79a39c1703ddecea07eac4cad1712ac8240bc

  • SHA256

    9419ec3be217809bc01f1c9e2b54cede02aec72f3fc513aff51414b9e63851b9

  • SHA512

    14eff0cb155603348d0e807ea947d66dd6c88cb2935c7bc1062d5fa9258e70276ef81d4208d21945ede4727edd67ce816e01bcd254f997f2f1119898fdff16c5

  • SSDEEP

    98304:Q/pgQ/DPHrxVSOAzJCYMC20Nw1M72/zlU+FbSQ31PNGUyointu:Apgybrx8OA1MCT6272/5U+hN7ktu

Score
6/10
discoverypersistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9419ec3be217809bc01f1c9e2b54cede02aec72f3fc513aff51414b9e63851b9.exe
    "C:\Users\Admin\AppData\Local\Temp\9419ec3be217809bc01f1c9e2b54cede02aec72f3fc513aff51414b9e63851b9.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1736
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:2924
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:1896

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1736-15-0x0000000000250000-0x0000000000251000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1736-49-0x0000000000C80000-0x0000000000E9C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1736-38-0x00000000002B0000-0x00000000002B1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1736-35-0x00000000002A0000-0x00000000002A1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1736-33-0x00000000002A0000-0x00000000002A1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1736-30-0x0000000000290000-0x0000000000291000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1736-28-0x0000000000290000-0x0000000000291000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1736-25-0x0000000000280000-0x0000000000281000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1736-23-0x0000000000280000-0x0000000000281000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1736-20-0x0000000000270000-0x0000000000271000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1736-18-0x0000000000270000-0x0000000000271000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1736-11-0x0000000000250000-0x0000000000251000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1736-40-0x00000000002B0000-0x00000000002B1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1736-0-0x0000000000C80000-0x0000000000E9C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1736-16-0x0000000000270000-0x0000000000271000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1736-10-0x0000000000240000-0x0000000000241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1736-8-0x0000000000240000-0x0000000000241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1736-6-0x0000000000240000-0x0000000000241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1736-5-0x0000000000220000-0x0000000000221000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1736-3-0x0000000000220000-0x0000000000221000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1736-1-0x0000000000220000-0x0000000000221000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1736-41-0x0000000000400000-0x00000000013BD000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/1736-47-0x0000000000400000-0x00000000013BD000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/1736-48-0x0000000000400000-0x00000000013BD000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/1736-13-0x0000000000250000-0x0000000000251000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1896-51-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2924-50-0x0000000002D90000-0x0000000002D91000-memory.dmp

        Filesize

        4KB

        Download