879bd74558b4a4a3fb7b58820db59f48ac91576f4bb958e09542fcfac8c4cb55

Analysis

max time kernel
95s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2024, 16:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

879bd74558b4a4a3fb7b58820db59f48ac91576f4bb958e09542fcfac8c4cb55N.exe
Size

113KB
MD5

9d99a4af6c58a8c4a55810ad5cba72e0
SHA1

42055ebbace7140d9c465b78eaa16759a9f8e9fa
SHA256

879bd74558b4a4a3fb7b58820db59f48ac91576f4bb958e09542fcfac8c4cb55
SHA512

eac03d7c2af01564c4d0968c3e3ea447a60f00a54818a5ef4414bab5709b37a68d434c2f42f35c2c68ba3dea08da4225f78e270886675132b1ae66297503d4d5
SSDEEP

3072:34oE0BqKHg+6BTQJ25iPklXqXvYB3QUUBaFp94+rXynIQa:80Q39ea3kayqKDa

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
404	879bd74558b4a4a3fb7b58820db59f48ac91576f4bb958e09542fcfac8c4cb55N.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\SET9981.tmp	879bd74558b4a4a3fb7b58820db59f48ac91576f4bb958e09542fcfac8c4cb55N.exe
File created	C:\Windows\SysWOW64\SET9981.tmp	879bd74558b4a4a3fb7b58820db59f48ac91576f4bb958e09542fcfac8c4cb55N.exe
File opened for modification	C:\Windows\SysWOW64\shfolder.dll	879bd74558b4a4a3fb7b58820db59f48ac91576f4bb958e09542fcfac8c4cb55N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	879bd74558b4a4a3fb7b58820db59f48ac91576f4bb958e09542fcfac8c4cb55N.exe

C:\Users\Admin\AppData\Local\Temp\879bd74558b4a4a3fb7b58820db59f48ac91576f4bb958e09542fcfac8c4cb55N.exe
"C:\Users\Admin\AppData\Local\Temp\879bd74558b4a4a3fb7b58820db59f48ac91576f4bb958e09542fcfac8c4cb55N.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

Filesize
89KB

MD5
628097f70523276000bb297d12639b5e

SHA1
aae25271ca27d710e1c5eb0f26bf62d74d14a691

SHA256
c92f7d6ba1ca31a7599d40f48522db60d420e196787f4270f68a8930feb977d3

SHA512
5f74ada52a2dd6218ac159fac65871982fd3fe2a4e1b0dcaf34eca54f06541c9f2d0628c92891f04eae438e1e86f285ee86e802fa9919b99ddb6eef79d561380

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\shfolder.dll

Filesize
22KB

MD5
cb8881762c211835878dd0fa139f2a39

SHA1
cec0f1044247da940f0ae2f8673ad852f439f449

SHA256
f776f8ae5f8eab33a5ede73fecb5adbe2777622922c01e0788bbc221f1c1415d

SHA512
1ae980faf223504703890ac284470245ab0acb17cf9a3029c2778d748ab6f848111e4a0f2df500609f0d1087844bd8d0f0314d5c2a837b40d241d979e531cca7

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\shfolder.inf

Filesize
434B

MD5
e8ffa51897ec4179d57ff4fb804a3729

SHA1
50e5d7c426d829efa9a8742d2744c9f8f666c963

SHA256
d3c50747b18af419e173b94d4cf353f33d0372c99bb584ea39ff47aa99a5db66

SHA512
3e23fe9ee04f2ff7e8e4dca6b8f94f3d4e1f6eac3b7e20e62766be74a4e5a6d417e8c56d6d59a84db53eba30bb89ed4b99eab5d68c5c644b84e81d7ff99ae240

Download Submit