Analysis
-
max time kernel
30s -
max time network
23s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
30-09-2024 19:27
General
-
Target
efabe2f8ccfdd5b98e83dbb88e9de84101b5694960f9d55dc577c1d68e26872a.exe
-
Size
94KB
-
MD5
3b6ff7daea550f62b657fa8a606f6f7a
-
SHA1
7ce4eeef0cc8f7605bc94a3f20e7f2ee1bc3c36e
-
SHA256
efabe2f8ccfdd5b98e83dbb88e9de84101b5694960f9d55dc577c1d68e26872a
-
SHA512
cbdebf1bad011159a8f2accc0ddd64ece2adbfddb6a3da3ca6e61791456e87ffb1d0feb61e79d27e421bd656bfd1f465ee7d35c531b4c68359a38828f5ba43c6
-
SSDEEP
1536:tF0AJELoJHG9qa+oa33KJJzAKWYr0v7iJSzIRXKTzRZICrWaGZh7l:tiAyLN9qa+oEGrWViJSzIR6JJrWNZr
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\efabe2f8ccfdd5b98e83dbb88e9de84101b5694960f9d55dc577c1d68e26872a.exe"C:\Users\Admin\AppData\Local\Temp\efabe2f8ccfdd5b98e83dbb88e9de84101b5694960f9d55dc577c1d68e26872a.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Update\WwanSvc.exe"C:\ProgramData\Update\WwanSvc.exe" /run2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
94KB
MD5fb16648887a0cee31e38a819e6ee017a
SHA1305a68e6959f4179321adbf406a50b710c35c287
SHA256b5109588e7f73b05e54dde52797f02d613f102dbf3f8be69af7fb4a4d2ba12cf
SHA512de2bae7952235d85dc8b693cc01254eeceab718456f7d708c1589597be5fa2ab96c53d816c5d8a2ac8b8f5adb89b03d26094ef89b38cbd3cc1713a70118f8a86