Analysis
Max time kernel: 140s
Max time network: 136s
Platform: windows10-2004_x64
Resource: win10v2004-20240802-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 28/09/2024, 21:38
Behavioral task: behavioral1
Sample: 4f686d5d4a8a202e7e2d78312f91c0f57fd2a5f286216d9156757659382af016.exe
Resource: win7-20240708-en
General
Target: 4f686d5d4a8a202e7e2d78312f91c0f57fd2a5f286216d9156757659382af016.exe
Size: 358KB
MD5: fb18503b4543b3a8e8992e451e30e560
SHA1: 598b8ad92e00a5e6e14130751e17d4c722b090c9
SHA256: 4f686d5d4a8a202e7e2d78312f91c0f57fd2a5f286216d9156757659382af016
SHA512: d942b7a37eef9e8151f6dc6689bd559466ce63900a7d648d934693c5dfa32798be4b5d1da22e0218863882976bfcdc4ff98f65aed5bbbd076f1c137a55f94127
SSDEEP: 6144:Tl8KWs/bWq+nR6xtEstSlckJ4OUSccLU4968TI+RjoS7:Tl837cCHJrccvZPRjoS7
Malware Config
Signatures
YARA rule match: upx 2 IoCs
resource: behavioral2/memory/3668-0-0x0000000000400000-0x000000000050C000-memory.dmp, yara_rule: upx
resource: behavioral2/memory/3668-12-0x0000000000400000-0x000000000050C000-memory.dmp, yara_rule: upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language, process: 4f686d5d4a8a202e7e2d78312f91c0f57fd2a5f286216d9156757659382af016.exe

Suspicious use of SetWindowsHookEx 2 IoCs
pid: 3668, process: 4f686d5d4a8a202e7e2d78312f91c0f57fd2a5f286216d9156757659382af016.exe
pid: 3668, process: 4f686d5d4a8a202e7e2d78312f91c0f57fd2a5f286216d9156757659382af016.exe
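The report gives four digests for the sample (General section) and a YARA `upx` hit on two memory dumps of PID 3668 covering 0x400000-0x50C000, that is 0x10C000 bytes (about 1.05 MiB) for a file that is 358KB on disk, which is what a packed image expanding at runtime looks like. The Python below is an added example, not code from the sandbox or the report: it re-derives both checks offline by comparing a file's digests against the reported values and by walking the PE section table for UPX-named sections (UPX0/UPX1). That the `upx` rule keys on those section names is an assumption; the rule text is not on the page. The minimal PE it builds is constructed test input, not the sample.

```python
"""Re-check two findings from the sandbox report offline: file hashes and UPX packing."""
import hashlib
import struct
from typing import Dict, List

# Digests copied from the report's General section (the sample itself is not embedded here).
REPORTED_HASHES: Dict[str, str] = {
    "md5": "fb18503b4543b3a8e8992e451e30e560",
    "sha1": "598b8ad92e00a5e6e14130751e17d4c722b090c9",
    "sha256": "4f686d5d4a8a202e7e2d78312f91c0f57fd2a5f286216d9156757659382af016",
    "sha512": "d942b7a37eef9e8151f6dc6689bd559466ce63900a7d648d934693c5dfa32798"
              "be4b5d1da22e0218863882976bfcdc4ff98f65aed5bbbd076f1c137a55f94127",
}


def hash_matches(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Return, per algorithm, whether data hashes to the expected digest."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest.lower()
            for algo, digest in expected.items()}


def pe_section_names(data: bytes) -> List[str]:
    """Walk the PE section table and return the section names in file order."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    # COFF header follows the 4-byte signature:
    # NumberOfSections at +6, SizeOfOptionalHeader at +20, section table after the optional header.
    num_sections, = struct.unpack_from("<H", data, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes; Name is the first 8
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """UPX names its sections UPX0/UPX1 (UPX2 for resources). Assumption: the report's rule keys on this."""
    return any(name.upper().startswith("UPX") for name in pe_section_names(data))


def build_toy_pe(section_names: List[str]) -> bytes:
    """Construct a minimal PE32 header with the given section names (constructed test input, not the sample)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after the DOS header
    opt_size = 0xE0  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"),
                    0x1000, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    packed = build_toy_pe(["UPX0", "UPX1", ".rsrc"])
    print("sections:", pe_section_names(packed), "upx:", looks_upx_packed(packed))
    print("matches report:", hash_matches(packed, REPORTED_HASHES))
```

To run this against the real sample, read the file with `open(path, "rb").read()` and pass the bytes to both functions; a file whose digests all come back `True` is the one the report describes, and `looks_upx_packed` on the on-disk file should agree with the memory-dump hits. Note that the check reads only the section table, so a sample repacked with renamed sections would evade it; the memory-range size mismatch above is the more robust tell.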
Processes

C:\Users\Admin\AppData\Local\Temp\4f686d5d4a8a202e7e2d78312f91c0f57fd2a5f286216d9156757659382af016.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\4f686d5d4a8a202e7e2d78312f91c0f57fd2a5f286216d9156757659382af016.exe"
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID: 3668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4400,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:8
PID: 5072
Network
MITRE ATT&CK Enterprise v15
Downloads

C:\Users\Admin\AppData\Roaming\GetRightToGo\4f686d5d4a8a202e7e2d78312f91c0f57fd2a5f286216d9156757659382af016.data
Filesize: 1KB
MD5: 6bf2b5f131d66d8c0e92ff9160316854
SHA1: c3a3324bb3c433e8a12ece922fcf0f9bcc969872
SHA256: 0d8121bd0684e46bb79a6a0f0ee043dc770fae3bbbebc10a83c116eb6a203d36
SHA512: c30f26df400669e3124840007cd077fe8cd68a369488b21e92f25fad7124866836dd590bf0deeac3914df4fec3d69d6bda893f65938a891f6d1c32e5abe2bdf0