Analysis

  • max time kernel
    36s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/09/2024, 19:41 UTC

General

  • Target

    6a74362139ecac3f27f7d199965301be557a75bdc3db16efabfb44a977f345f6.exe

  • Size

    282KB

  • MD5

    0db1a05d8dbc73507a535b122cbfff85

  • SHA1

    5a4fca1ed651f9ce19f19a2bc51868ee9b95e1ef

  • SHA256

    6a74362139ecac3f27f7d199965301be557a75bdc3db16efabfb44a977f345f6

  • SHA512

    95541c726c5773850aba1e875ae5415b8e34e02fd96a738c494aeece6d2b4f7b601536b54d07333cc9f4744107a7baf67b2142bbf121328ae4ae32c6b2363c93

  • SSDEEP

    6144:boy5p178U0MURaGyNXYWQzHazRfXrwSRnWwhrQ66fKkfh:boSeGUA5YZazpXUmZhZ6SA

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6a74362139ecac3f27f7d199965301be557a75bdc3db16efabfb44a977f345f6.exe
    "C:\Users\Admin\AppData\Local\Temp\6a74362139ecac3f27f7d199965301be557a75bdc3db16efabfb44a977f345f6.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1296
    • C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe
      "C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2812
      • C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe
        "C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"
        3⤵
          PID:2628

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • \Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe

      Filesize

      282KB

      MD5

      a01c1073bdbcef71341936c6c45a1f4d

      SHA1

      45ae922e5fd9eeafbba315c162dd8f1e3c581518

      SHA256

      91c3616d3cbc050874a835690c01f5186173201fb572bca95cbf5d569225cd28

      SHA512

      d7dcadab8d313ab061e5119816057d233b87f25a2d70188eacc3c38fd7dbada475e1fb239d98e149b45585bfc21970e22be5640787920abd545cb73191b9d9d6

    • memory/1296-3-0x00000000747D0000-0x0000000074D7B000-memory.dmp

      Filesize

      5.7MB

    • memory/1296-2-0x00000000747D0000-0x0000000074D7B000-memory.dmp

      Filesize

      5.7MB

    • memory/1296-0-0x00000000747D1000-0x00000000747D2000-memory.dmp

      Filesize

      4KB

    • memory/1296-4-0x00000000747D0000-0x0000000074D7B000-memory.dmp

      Filesize

      5.7MB

    • memory/1296-5-0x00000000747D0000-0x0000000074D7B000-memory.dmp

      Filesize

      5.7MB

    • memory/1296-1-0x00000000747D0000-0x0000000074D7B000-memory.dmp

      Filesize

      5.7MB

    • memory/1296-13-0x00000000747D0000-0x0000000074D7B000-memory.dmp

      Filesize

      5.7MB

    • memory/2812-16-0x00000000747D0000-0x0000000074D7B000-memory.dmp

      Filesize

      5.7MB

    • memory/2812-15-0x00000000747D0000-0x0000000074D7B000-memory.dmp

      Filesize

      5.7MB

    • memory/2812-17-0x00000000747D0000-0x0000000074D7B000-memory.dmp

      Filesize

      5.7MB

    • memory/2812-18-0x00000000747D0000-0x0000000074D7B000-memory.dmp

      Filesize

      5.7MB

    • memory/2812-19-0x00000000747D0000-0x0000000074D7B000-memory.dmp

      Filesize

      5.7MB

    • memory/2812-21-0x00000000747D0000-0x0000000074D7B000-memory.dmp

      Filesize

      5.7MB
