Analysis
  max time kernel: 110s
  max time network: 120s
  platform: windows7_x64
  resource: win7-20240729-en
  resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  submitted: 20-09-2024 08:05
Behavioral task: behavioral1
  Sample: 345f5c2c8f1ddbec52f0505ea5ed9de29fb861b893b33c504bc25a5661798033N.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: 345f5c2c8f1ddbec52f0505ea5ed9de29fb861b893b33c504bc25a5661798033N.exe
  Resource: win10v2004-20240802-en
General
  Target: 345f5c2c8f1ddbec52f0505ea5ed9de29fb861b893b33c504bc25a5661798033N.exe
  Size: 13KB
  MD5: 9b67b5b4b425815a7833cb98c25bad00
  SHA1: 03b7abe581c2bcfd00d6afbfa0a5d715560616f2
  SHA256: 345f5c2c8f1ddbec52f0505ea5ed9de29fb861b893b33c504bc25a5661798033
  SHA512: 709b1c2f7bc1f67949be3b598377815474bfded2ee427616bdbe72ff32efd557c7fcb7ab95ef8921d1a80c4d93445b9498954fef053634019f74bc9c48e7ea9c
  SSDEEP: 384:I2jTbZ0pj/vcqP+ctCYSw3GV9b5trUNd:IaE/vDP+6CY33GV9NtQN
Malware Config
Signatures
  Drops file in Windows directory (2 IoCs)
    description: File created; ioc: C:\Windows\Tasks\wow64.job; process: 345f5c2c8f1ddbec52f0505ea5ed9de29fb861b893b33c504bc25a5661798033N.exe
    description: File opened for modification; ioc: C:\Windows\Tasks\wow64.job; process: 345f5c2c8f1ddbec52f0505ea5ed9de29fb861b893b33c504bc25a5661798033N.exe
  System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
    description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; process: 345f5c2c8f1ddbec52f0505ea5ed9de29fb861b893b33c504bc25a5661798033N.exe
  Suspicious use of WriteProcessMemory (4 IoCs)
    description: PID 2584 wrote to memory of 2028; pid: 2584; process: taskeng.exe; procid_target: 30 (this entry is listed four times in the report)
Processes
  C:\Users\Admin\AppData\Local\Temp\345f5c2c8f1ddbec52f0505ea5ed9de29fb861b893b33c504bc25a5661798033N.exe (PID 2268)
    command line: "C:\Users\Admin\AppData\Local\Temp\345f5c2c8f1ddbec52f0505ea5ed9de29fb861b893b33c504bc25a5661798033N.exe"
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery

  C:\Windows\system32\taskeng.exe (PID 2584)
    command line: taskeng.exe {688FCEE2-3087-4172-BAFE-4C256F454D71} S-1-5-18:NT AUTHORITY\System:Service:
    - Suspicious use of WriteProcessMemory
      C:\Users\Admin\AppData\Local\Temp\345f5c2c8f1ddbec52f0505ea5ed9de29fb861b893b33c504bc25a5661798033N.exe (PID 2028, child of PID 2584)
        command line: C:\Users\Admin\AppData\Local\Temp\345f5c2c8f1ddbec52f0505ea5ed9de29fb861b893b33c504bc25a5661798033N.exe start