9578acb21ffdcc062586c11a87aab114a07dd0dbc66b440cb69bbeafb5634cc9

Resubmissions

25-09-2024 15:53

240925-tbmfsateqq 10

24-09-2024 22:03

240924-1ynqpa1dle 10

Analysis

max time kernel
300s
max time network
300s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25-09-2024 15:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ea14a4bfc5e802e358f14b4b7d2ce8e.exe
Size

11.1MB
MD5

6ea14a4bfc5e802e358f14b4b7d2ce8e
SHA1

9bb2d7c7fda701f1481a843bb198c016e2486c4a
SHA256

9578acb21ffdcc062586c11a87aab114a07dd0dbc66b440cb69bbeafb5634cc9
SHA512

9a774bcbef9ed3bc050f5c3a1055a14dcc239ead07f40c7d8a21f632cd10439dad8d82f1b7ba0122ad11c6cca4f39ab7aaea329f3abae762438e2174c3f11e5a
SSDEEP

196608:uOK19iyfvQgN9prpo/mOIGqBGyC4gDEz+twaXbTPlrLwXJYRliwZ7M91vNgkfJdP:uZbfvBgmMqCyTOVZLBgrU

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 64 IoCs

Web Service

T1102

flow	ioc
178	bitbucket.org
434	bitbucket.org
453	bitbucket.org
505	bitbucket.org
150	bitbucket.org
425	bitbucket.org
934	bitbucket.org
978	bitbucket.org
36	bitbucket.org
680	bitbucket.org
929	bitbucket.org
389	bitbucket.org
671	bitbucket.org
43	bitbucket.org
268	bitbucket.org
302	bitbucket.org
319	bitbucket.org
447	bitbucket.org
848	bitbucket.org
77	bitbucket.org
584	bitbucket.org
170	bitbucket.org
617	bitbucket.org
907	bitbucket.org
38	bitbucket.org
394	bitbucket.org
27	bitbucket.org
402	bitbucket.org
437	bitbucket.org
456	bitbucket.org
957	bitbucket.org
102	bitbucket.org
329	bitbucket.org
431	bitbucket.org
570	bitbucket.org
827	bitbucket.org
123	bitbucket.org
127	bitbucket.org
175	bitbucket.org
254	bitbucket.org
452	bitbucket.org
481	bitbucket.org
52	bitbucket.org
136	bitbucket.org
258	bitbucket.org
566	bitbucket.org
898	bitbucket.org
191	bitbucket.org
293	bitbucket.org
339	bitbucket.org
20	bitbucket.org
199	bitbucket.org
354	bitbucket.org
419	bitbucket.org
857	bitbucket.org
931	bitbucket.org
956	bitbucket.org
235	bitbucket.org
290	bitbucket.org
651	bitbucket.org
905	bitbucket.org
23	bitbucket.org
53	bitbucket.org
811	bitbucket.org

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6ea14a4bfc5e802e358f14b4b7d2ce8e.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2292	6ea14a4bfc5e802e358f14b4b7d2ce8e.exe

C:\Users\Admin\AppData\Local\Temp\6ea14a4bfc5e802e358f14b4b7d2ce8e.exe
"C:\Users\Admin\AppData\Local\Temp\6ea14a4bfc5e802e358f14b4b7d2ce8e.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2292-0-0x0000000074BBE000-0x0000000074BBF000-memory.dmp

Filesize
4KB

Download
memory/2292-1-0x0000000000EB0000-0x00000000019CA000-memory.dmp

Filesize
11.1MB

Download
memory/2292-2-0x0000000074BB0000-0x000000007529E000-memory.dmp

Filesize
6.9MB

Download
memory/2292-3-0x0000000074BBE000-0x0000000074BBF000-memory.dmp

Filesize
4KB

Download
memory/2292-4-0x0000000074BB0000-0x000000007529E000-memory.dmp

Filesize
6.9MB

Download