Analysis
max time kernel: 118s
max time network: 121s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
submitted: 30/09/2024, 13:06
Static task: static1
Behavioral task: behavioral1
  Sample: 5ce44db6ae27da319e7c77e87a694219afcbe9b4f1f688c79fa4463d69662945N.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 5ce44db6ae27da319e7c77e87a694219afcbe9b4f1f688c79fa4463d69662945N.exe
  Resource: win10v2004-20240802-en
General
Target: 5ce44db6ae27da319e7c77e87a694219afcbe9b4f1f688c79fa4463d69662945N.exe
Size: 47KB
MD5: 94d5a90f10aa0bd53001c10a2572df70
SHA1: e4a090d491b409592702ed8d5c57ce6853e710e4
SHA256: 5ce44db6ae27da319e7c77e87a694219afcbe9b4f1f688c79fa4463d69662945
SHA512: e478e0444c541d43bca5b3a49c380271d5ce1e25a0f04907a053230499cc21776fb07fdeeb96da8433658d8357fae5c7c55099c61986600c4d71d5605100e27c
SSDEEP: 768:y6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpjbXOQ69zbjlAAX5e9zr8:y6QFElP6n+gMQMOtEvwDpjbizbR9XwzA
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid: 2240  Process: asih.exe
Loads dropped DLL (1 IoC)
  pid: 2512  Process: 5ce44db6ae27da319e7c77e87a694219afcbe9b4f1f688c79fa4463d69662945N.exe
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 5ce44db6ae27da319e7c77e87a694219afcbe9b4f1f688c79fa4463d69662945N.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | asih.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2512 wrote to memory of 2240 | 2512 | 5ce44db6ae27da319e7c77e87a694219afcbe9b4f1f688c79fa4463d69662945N.exe | 30
  PID 2512 wrote to memory of 2240 | 2512 | 5ce44db6ae27da319e7c77e87a694219afcbe9b4f1f688c79fa4463d69662945N.exe | 30
  PID 2512 wrote to memory of 2240 | 2512 | 5ce44db6ae27da319e7c77e87a694219afcbe9b4f1f688c79fa4463d69662945N.exe | 30
  PID 2512 wrote to memory of 2240 | 2512 | 5ce44db6ae27da319e7c77e87a694219afcbe9b4f1f688c79fa4463d69662945N.exe | 30
Processes
C:\Users\Admin\AppData\Local\Temp\5ce44db6ae27da319e7c77e87a694219afcbe9b4f1f688c79fa4463d69662945N.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\5ce44db6ae27da319e7c77e87a694219afcbe9b4f1f688c79fa4463d69662945N.exe"
  PID: 2512
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  Child process:
    C:\Users\Admin\AppData\Local\Temp\asih.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      PID: 2240
      - Executes dropped EXE
      - System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 48KB
MD5: be32eda1db573a33eac10af8dd0d7ed7
SHA1: 364c767babac8f84f1c2007866fcc66169051acc
SHA256: 2c25d019d9bbf385dccf893a8ff0fc11a2db8d96f414933e59646dcb7eb17f6e
SHA512: 239055cbce440e2835a8b9e67b29c3bc3604c631d6ab3c712626675c58ff2f02fd30b6512b4bab5134cb934791520586aa59a3345227fb56fe8b7d7710da2e0b