Overview

overview

10

Static

static

3

24ca0842c3...6N.exe

windows7-x64

10

24ca0842c3...6N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    115s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/09/2024, 22:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    24ca0842c3ef2bea9d4e21eee337c47a61c50f5cd12234b27939378f4a00f556N.exe

  • Size

    4.0MB

  • MD5

    c56528d1cbc3c0594026728465910d10

  • SHA1

    057a5624f687222ab06fedcd2db743df586f2b47

  • SHA256

    24ca0842c3ef2bea9d4e21eee337c47a61c50f5cd12234b27939378f4a00f556

  • SHA512

    894efa7c615a6283daefb106a78beeec11dd1b0dff1f0512b34c2fd73a76c21f8b918770817c978cde66c85fa47a848b1304a33e3e706f70e41ab425cd61f840

  • SSDEEP

    98304:ZviM3gc0rOY/icq6uquyPpV2o/vZVBdI7icuqrxAkgj6:pac0rOY/ifqHhVBvZbhdq2kP

Score
10/10
discoverypersistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\24ca0842c3ef2bea9d4e21eee337c47a61c50f5cd12234b27939378f4a00f556N.exe
    "C:\Users\Admin\AppData\Local\Temp\24ca0842c3ef2bea9d4e21eee337c47a61c50f5cd12234b27939378f4a00f556N.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    PID:2636

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\xdccPrograms\7zFM.exe
    Filesize

    4.0MB

    MD5

    4207d499cccb098352d834deb5f1390c

    SHA1

    a691888a1269fc85273054d6347d8a6d7aa69305

    SHA256

    f58c6b1c4b75881347870385ecbd33fb743a9419e9fcd3d0d2210595f1f69bb9

    SHA512

    a8c250d0411d35dc50903438fe38d0c3571e704a96ac353d7a7548f0b0fb309f34bbbd473111697f7cfec24ec72978f19fe0f75b5530f9972ba9ef7bf8b3fa5b

    Download Submit

  • memory/2636-99-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2636-100-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2636-101-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2636-102-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2636-103-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2636-104-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2636-105-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2636-106-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2636-107-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2636-108-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download