Analysis
-
max time kernel
101s -
max time network
20s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
28/09/2024, 18:41
General
-
Target
Wiresharkwin321.10.14.exe
-
Size
21.2MB
-
MD5
b818ecbd661ab30a7b50d8d990e70ac7
-
SHA1
37f74c6f3e73550904e621ae2f5ad342be5762f6
-
SHA256
4055eeef5173a016cf64e2eef509dcafbcf9cc050a9d6f68f2aad2e70619d0ec
-
SHA512
56d8ccf33d571ec648afb1da29a122432c9f8b5e01f0cbf8f801f365e67157c00bee828b7bc0354d411ee6589b9debf50e424d39174609f8ded09d1da16ef42c
-
SSDEEP
393216:WHIZJK/7ohzcofIpL68mDPY8m/7Wt/1S8DCMPMk6A3PCWFLFUxOu2bTXp4nWkm/C:dGOzcppQzY8m/U/1SQVZ6gnECfKWkm/C
Malware Config
Signatures
-
Checks for common network interception software 1 TTPs
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Loads dropped DLL 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Wiresharkwin321.10.14.exe"C:\Users\Admin\AppData\Local\Temp\Wiresharkwin321.10.14.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
859B
MD555f24518c0d32b00d23b95dff743af27
SHA11c576c241a1b1d32695a8d3e6c1c4ca25ef65f4c
SHA256bba86cd7915fc3833ddc905b277d781911b04c12bcf9670b3c804743ddf9e736
SHA5124ec8dfdeeffc4aab97f950981cc1573fed0a100091db4077bc46448187c9123c560786e4c2cf6792def8ed76f913d8297890bcbaa8c61d4aa06606f93eb3789f
-
Filesize
937B
MD5315f5448c585e514d50ba2af31976ddd
SHA12d5b6ac09ae0848dead447280492d80874937eda
SHA2569f8783f0848c64f3677c751a6f426e5defc6ca6964c865112340a8d69fff02b9
SHA512e9aaaec970b199f8afa917cbcd36fc32792889e597acd16d2c05543f7c98b7be71332e4d26945df8af5c01cee3fa6bff37435da9b30f6e8bff7fbc14caa32c7d
-
Filesize
833B
MD5cf3cf60c4ecdd9fcad18baa21d1abc09
SHA12dc1dbd0f12393f52ba69332695c20143dc4adc9
SHA256578d2b6dff49718a07ec28ae882cfb9e0627f626aea69bafad3c9d6992061382
SHA5120dd9d01d22107065fe97e29bf7bcdfeed6d48d24675466e2c1596c875a842d6840164f4c9d0be15705a71253242a3469feb2f67331bde9d0a20b47f506880576
-
Filesize
597B
MD560842599b4b2e786bf45752569891064
SHA1a25a3ff2e04c786338c9ec89a7a6cda7b2e42a45
SHA256cc595cb75ce1d3bbcee99ae3c04b2c3a9a5bee81dd79d693bed5df7c10a605d0
SHA5129c1c0fc6040a8fab7428b3644b4e59a8fe8a56d6dcc8a13e063fa7a458e7518bacb96b7735d71ee7f841d7a70ed1df2aeebf7920a5407990943a3ceaa9477b1c
-
Filesize
636B
MD514c5db80a80826e82b12e41c86e3ab0b
SHA1ae83acaf9d49c4a3ef2d4337e5e438b5948cbe32
SHA256067fe6e6b15a11538c2cab80b8e053a660191bf0e4796ee50c80bd636b7418c7
SHA512676f01025a50d04f9b99927b15e925bfcdb5daa6e987ae7d11297eb1831906c1171cd13c456e306e9da0a3d17ffcb44988fc2aac9988a127276cd7bee2514c21
-
Filesize
14KB
MD5325b008aec81e5aaa57096f05d4212b5
SHA127a2d89747a20305b6518438eff5b9f57f7df5c3
SHA256c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
SHA51218362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
-
Filesize
11KB
MD5c17103ae9072a06da581dec998343fc1
SHA1b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f