9578acb21ffdcc062586c11a87aab114a07dd0dbc66b440cb69bbeafb5634cc9

Resubmissions

25-09-2024 15:53

240925-tbmfsateqq 10

24-09-2024 22:03

240924-1ynqpa1dle 10

Analysis

max time kernel
180s
max time network
186s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-09-2024 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ea14a4bfc5e802e358f14b4b7d2ce8e.exe
Size

11.1MB
MD5

6ea14a4bfc5e802e358f14b4b7d2ce8e
SHA1

9bb2d7c7fda701f1481a843bb198c016e2486c4a
SHA256

9578acb21ffdcc062586c11a87aab114a07dd0dbc66b440cb69bbeafb5634cc9
SHA512

9a774bcbef9ed3bc050f5c3a1055a14dcc239ead07f40c7d8a21f632cd10439dad8d82f1b7ba0122ad11c6cca4f39ab7aaea329f3abae762438e2174c3f11e5a
SSDEEP

196608:uOK19iyfvQgN9prpo/mOIGqBGyC4gDEz+twaXbTPlrLwXJYRliwZ7M91vNgkfJdP:uZbfvBgmMqCyTOVZLBgrU

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 64 IoCs

Web Service

T1102

flow	ioc
395	bitbucket.org
486	bitbucket.org
520	bitbucket.org
542	bitbucket.org
565	bitbucket.org
264	bitbucket.org
319	bitbucket.org
352	bitbucket.org
836	bitbucket.org
937	bitbucket.org
1299	bitbucket.org
619	bitbucket.org
737	bitbucket.org
828	bitbucket.org
1054	bitbucket.org
376	bitbucket.org
754	bitbucket.org
1018	bitbucket.org
1197	bitbucket.org
1234	bitbucket.org
1254	bitbucket.org
326	bitbucket.org
381	bitbucket.org
681	bitbucket.org
1140	bitbucket.org
1259	bitbucket.org
491	bitbucket.org
1048	bitbucket.org
1129	bitbucket.org
829	bitbucket.org
1068	bitbucket.org
1178	bitbucket.org
313	bitbucket.org
438	bitbucket.org
656	bitbucket.org
913	bitbucket.org
1144	bitbucket.org
1226	bitbucket.org
560	bitbucket.org
623	bitbucket.org
648	bitbucket.org
694	bitbucket.org
766	bitbucket.org
816	bitbucket.org
958	bitbucket.org
1110	bitbucket.org
104	bitbucket.org
165	bitbucket.org
651	bitbucket.org
1313	bitbucket.org
505	bitbucket.org
870	bitbucket.org
1168	bitbucket.org
328	bitbucket.org
721	bitbucket.org
1148	bitbucket.org
1204	bitbucket.org
1210	bitbucket.org
97	bitbucket.org
364	bitbucket.org
439	bitbucket.org
404	bitbucket.org
5	bitbucket.org
137	bitbucket.org

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6ea14a4bfc5e802e358f14b4b7d2ce8e.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	664	6ea14a4bfc5e802e358f14b4b7d2ce8e.exe

C:\Users\Admin\AppData\Local\Temp\6ea14a4bfc5e802e358f14b4b7d2ce8e.exe
"C:\Users\Admin\AppData\Local\Temp\6ea14a4bfc5e802e358f14b4b7d2ce8e.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/664-0-0x000000007440E000-0x000000007440F000-memory.dmp

Filesize
4KB

Download
memory/664-1-0x0000000000290000-0x0000000000DAA000-memory.dmp

Filesize
11.1MB

Download
memory/664-2-0x0000000074400000-0x0000000074AEE000-memory.dmp

Filesize
6.9MB

Download
memory/664-3-0x000000007440E000-0x000000007440F000-memory.dmp

Filesize
4KB

Download
memory/664-4-0x0000000074400000-0x0000000074AEE000-memory.dmp

Filesize
6.9MB

Download