345f5c2c8f1ddbec52f0505ea5ed9de29fb861b893b33c504bc25a5661798033

Analysis

max time kernel
110s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
20-09-2024 08:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

345f5c2c8f1ddbec52f0505ea5ed9de29fb861b893b33c504bc25a5661798033N.exe
Size

13KB
MD5

9b67b5b4b425815a7833cb98c25bad00
SHA1

03b7abe581c2bcfd00d6afbfa0a5d715560616f2
SHA256

345f5c2c8f1ddbec52f0505ea5ed9de29fb861b893b33c504bc25a5661798033
SHA512

709b1c2f7bc1f67949be3b598377815474bfded2ee427616bdbe72ff32efd557c7fcb7ab95ef8921d1a80c4d93445b9498954fef053634019f74bc9c48e7ea9c
SSDEEP

384:I2jTbZ0pj/vcqP+ctCYSw3GV9b5trUNd:IaE/vDP+6CY33GV9NtQN

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\wow64.job	345f5c2c8f1ddbec52f0505ea5ed9de29fb861b893b33c504bc25a5661798033N.exe
File opened for modification	C:\Windows\Tasks\wow64.job	345f5c2c8f1ddbec52f0505ea5ed9de29fb861b893b33c504bc25a5661798033N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	345f5c2c8f1ddbec52f0505ea5ed9de29fb861b893b33c504bc25a5661798033N.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 2028	2584	taskeng.exe	30
PID 2584 wrote to memory of 2028	2584	taskeng.exe	30
PID 2584 wrote to memory of 2028	2584	taskeng.exe	30
PID 2584 wrote to memory of 2028	2584	taskeng.exe	30

C:\Users\Admin\AppData\Local\Temp\345f5c2c8f1ddbec52f0505ea5ed9de29fb861b893b33c504bc25a5661798033N.exe
"C:\Users\Admin\AppData\Local\Temp\345f5c2c8f1ddbec52f0505ea5ed9de29fb861b893b33c504bc25a5661798033N.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:2268

C:\Windows\system32\taskeng.exe
taskeng.exe {688FCEE2-3087-4172-BAFE-4C256F454D71} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Users\Admin\AppData\Local\Temp\345f5c2c8f1ddbec52f0505ea5ed9de29fb861b893b33c504bc25a5661798033N.exe
  C:\Users\Admin\AppData\Local\Temp\345f5c2c8f1ddbec52f0505ea5ed9de29fb861b893b33c504bc25a5661798033N.exe start
  2⤵
  PID:2028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads