Analysis
-
max time kernel
110s -
max time network
92s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
19-09-2024 06:48
Behavioral task
behavioral1
Sample
d46479afa539214cc3210743d6c36c8ff6b301a9f777722240987aa95f3b0baeN.exe
Resource
win7-20240729-en
General
-
Target
d46479afa539214cc3210743d6c36c8ff6b301a9f777722240987aa95f3b0baeN.exe
-
Size
83KB
-
MD5
8ed803d3236e51db4ed193fc17c127e0
-
SHA1
faa1ece1467a351231def1e37802801fdcf473b0
-
SHA256
d46479afa539214cc3210743d6c36c8ff6b301a9f777722240987aa95f3b0bae
-
SHA512
f58a4485077525f2279b662ef29c5c1f693e93e3cd009629d3e4c62fcc3677d112dcf5b964720ed0eec878731fe6843137f5c1c0e7c3f2cf4f4c24d5b44b9aaf
-
SSDEEP
1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+PK:LJ0TAz6Mte4A+aaZx8EnCGVuP
Malware Config
Signatures
-
resource yara_rule behavioral1/memory/2584-0-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2584-1-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2584-6-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/files/0x0005000000004ed7-11.dat upx behavioral1/memory/2584-14-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2584-22-0x0000000000400000-0x000000000042A000-memory.dmp upx -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language d46479afa539214cc3210743d6c36c8ff6b301a9f777722240987aa95f3b0baeN.exe
Processes
Network
-
Remote address:8.8.8.8:53Requestwecan.hasthe.technologyIN AResponsewecan.hasthe.technologyIN A172.67.183.40wecan.hasthe.technologyIN A104.21.59.199
-
POSThttp://wecan.hasthe.technology/uploadd46479afa539214cc3210743d6c36c8ff6b301a9f777722240987aa95f3b0baeN.exeRemote address:172.67.183.40:80RequestPOST /upload HTTP/1.1
Host: wecan.hasthe.technology
Accept: */*
Content-Length: 85412
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------b894543854e7433c
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 19 Sep 2024 07:48:53 GMT
Location: https://computernewb.com/collab-vm/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1gIs0CN9pE0EajsO9A7EAL%2F7Y0htaA9ao8YrnJCw%2F2iCbrPiueCmhcZfV7hCi%2FOOP8hxJzOHLq3M7lQAd0fsToILuPzrQr8qAh4Mo6kqlgJvl1d3sGst%2BCheVyh1HGIdAAEm2YRLFJW1KA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c57a1f7cdbecd6f-LHR
-
POSThttp://wecan.hasthe.technology/uploadd46479afa539214cc3210743d6c36c8ff6b301a9f777722240987aa95f3b0baeN.exeRemote address:172.67.183.40:80RequestPOST /upload HTTP/1.1
Host: wecan.hasthe.technology
Accept: */*
Content-Length: 85412
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------d33273d0df3d7adb
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 19 Sep 2024 07:49:24 GMT
Location: https://computernewb.com/collab-vm/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qm%2BKEqpe3r0NOwayMNAm2XwK7fBFsF9KS7xI0lXXWAtyO7LkK%2FaYQi6HeRC5jvwZbSt6xN5BPlFDFgsXfkQJlaaFZB3Ys%2FUZA7jUMEFD5vzrnW%2F6RtUUAPPgcKtidCzpxcwOHjIailVjWA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c57a2b53cb5948e-LHR
-
POSThttp://wecan.hasthe.technology/uploadd46479afa539214cc3210743d6c36c8ff6b301a9f777722240987aa95f3b0baeN.exeRemote address:172.67.183.40:80RequestPOST /upload HTTP/1.1
Host: wecan.hasthe.technology
Accept: */*
Content-Length: 85412
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------ca007d325883faef
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 19 Sep 2024 07:49:54 GMT
Location: https://computernewb.com/collab-vm/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CVWT7w1D2WFpNv4rkssPMR6J8QViGloImrpU%2B%2FAI81ny8%2BSP%2BfgdpeH6UUuNeon6cdFx3l2pBETEHfRfCTaAh0nkjGEkY4pgd9%2FvCFXFYNS49ZhR900tZfPvHjfR9mCLbYoIBuEQLdjS9g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c57a3728adb77b7-LHR
-
172.67.183.40:80http://wecan.hasthe.technology/uploadhttpd46479afa539214cc3210743d6c36c8ff6b301a9f777722240987aa95f3b0baeN.exe88.6kB 2.3kB 74 36
HTTP Request
POST http://wecan.hasthe.technology/uploadHTTP Response
301 -
172.67.183.40:80http://wecan.hasthe.technology/uploadhttpd46479afa539214cc3210743d6c36c8ff6b301a9f777722240987aa95f3b0baeN.exe88.6kB 2.4kB 74 38
HTTP Request
POST http://wecan.hasthe.technology/uploadHTTP Response
301 -
172.67.183.40:80http://wecan.hasthe.technology/uploadhttpd46479afa539214cc3210743d6c36c8ff6b301a9f777722240987aa95f3b0baeN.exe88.6kB 2.4kB 74 38
HTTP Request
POST http://wecan.hasthe.technology/uploadHTTP Response
301
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
83KB
MD569a2588d2e5843649b2d79ff47b32e25
SHA13cb38bdea5f070602e1d1c549b001cfdffba435a
SHA25645a8158053f109de8edd4cf8f91bb05618c3d00ab98d0a33b274be2b15377ead
SHA512d7255457e643373a491ae3f86536454f497685950223442b8c3b64243cc1660dca373f61cef0c9c681968de418545842c6bef5ba68ffc82177e5a6f9aca28e91