Analysis
-
max time kernel
141s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
30/09/2024, 07:53
General
-
Target
microsoft-teams-24231.512.3106.6573-installer_GREH-c1.exe
-
Size
1.7MB
-
MD5
6766745ad3b385fc232e44d92dd29541
-
SHA1
d46d57d2cbc6c26e1202082c6c1867eb9c3dfce7
-
SHA256
0f8ddf8788968309f3e65dd0f2547e8c7b13c7ae2afaba17ae2e3e4edd8120c8
-
SHA512
72cabb27c66b8687a367a72b74de289686355a5e8f7267d65301304406c4dfd1970c567e8352c7178bb2993b1dbecec71c587de61f10c9b5df809797784232cb
-
SSDEEP
24576:+7FUDowAyrTVE3U5F/GLuHhCLaAcVOSRxmGjrG3asUhTfG2IetmpncfR4Bp/x8sn:+BuZrEUJVbpjrdhTO26eZ4BppV8A
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\microsoft-teams-24231.512.3106.6573-installer_GREH-c1.exe"C:\Users\Admin\AppData\Local\Temp\microsoft-teams-24231.512.3106.6573-installer_GREH-c1.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-MSKR8.tmp\microsoft-teams-24231.512.3106.6573-installer_GREH-c1.tmp"C:\Users\Admin\AppData\Local\Temp\is-MSKR8.tmp\microsoft-teams-24231.512.3106.6573-installer_GREH-c1.tmp" /SL5="$601D6,837598,832512,C:\Users\Admin\AppData\Local\Temp\microsoft-teams-24231.512.3106.6573-installer_GREH-c1.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD552b1f009d53eedfbd908065b2b103c5a
SHA15d475fabea76a2806e808d7257c12a9342446c31
SHA256be226fe7a2530e3412a361c54976b1ad58322b112f7f5c5b98ff8c1f62941118
SHA5123c4bc9205dca4cbea38dbe3df9fab683198bb0d12f70184b5c89396a54c50663a8ddfd291a93348e43ec97ffbef6e73894ca9deb7e95488e985b9fe60a64ef93
-
Filesize
3.1MB
MD586bc259e1ffb8e8dc057d5be74f631dd
SHA163e06c6ee6aa376752485a7fb69da24adb21ce3a
SHA256829dccea375271a0ab90e2a1f6c213690ee3b7535c107d98de4ff394c005ceb1
SHA5120ed29aaf07f65d0929dcd2d9ca059b8d4650cde38f231c86c12e24588b59430614a95381748e9b8a7976f5881d6518df4600502a6d28c31ccf699cd41a86d76f
-
Filesize
3.1MB
-
Filesize
1.2MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
864KB
-
Filesize
728KB
-
Filesize
864KB
