Overview

overview

7

Static

static

3

92a009b7c5...1N.exe

windows7-x64

7

92a009b7c5...1N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    4s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 04:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    92a009b7c5d47c2b4af0d2074bef322bc787f4e7c69c7d59f9c2ae9c61973871N.exe

  • Size

    25KB

  • MD5

    615cab5d22d13838c62b8b4509225380

  • SHA1

    7325d0a4854076f60b698fed4fec9be5345f0f8c

  • SHA256

    92a009b7c5d47c2b4af0d2074bef322bc787f4e7c69c7d59f9c2ae9c61973871

  • SHA512

    8e1fdeb39d083a7e38c6d2cbae933b9bfea806ccec7dabb4d40cd8d7ef2cc445f9d23a1e7b46d6e1bbd4f1bd3cfeecc4ea2c67ffb66b26b277ae26ac94e6553a

  • SSDEEP

    768:N/ybgNcFXvtdgI2MyzNtRQtOflIwoHNV2XBFV72B4lA7Ps2Z+7s:AtdgI2MyzNtRQtOflIwoHNV2XBFV72BT

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\92a009b7c5d47c2b4af0d2074bef322bc787f4e7c69c7d59f9c2ae9c61973871N.exe
    "C:\Users\Admin\AppData\Local\Temp\92a009b7c5d47c2b4af0d2074bef322bc787f4e7c69c7d59f9c2ae9c61973871N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2656
    • C:\Users\Admin\AppData\Local\Temp\hhcbrnaff.exe
      "C:\Users\Admin\AppData\Local\Temp\hhcbrnaff.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2564

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\hhcbrnaff.exe
    Filesize

    25KB

    MD5

    b59bf41f556d91cc2def85704337e34e

    SHA1

    d501c2b06b57674f95b18c345222c7bbc9775044

    SHA256

    3c88379f9612dc26996f851ba33ccf8800b2f97f67a08eaf5ad3cabc81a6b5b9

    SHA512

    3037aa964a557fb67e506eb82745f7305b9af969b7a2c824f017b2fa697f21ab9ef449aea744825b504b6fef5cef51407144dc678293d85a63f45d63a99d880a

    Download Submit

  • memory/2564-12-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2564-15-0x0000000002AA0000-0x0000000002EA0000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2656-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2656-1-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2656-4-0x0000000002AC0000-0x0000000002EC0000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2656-3-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2656-11-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download