Overview

overview

7

Static

static

3

5b8e4397bb...1N.exe

windows7-x64

7

5b8e4397bb...1N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    03/10/2024, 20:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5b8e4397bb3a785f3dcf115515a50ef6324d2bca74baced3e0ae4ef85295eb11N.exe

  • Size

    410KB

  • MD5

    0decb70b94cb40f4a54a05f701f82420

  • SHA1

    cbedb69f4d14e2c90cdc3b1e0d16648384db3a3a

  • SHA256

    5b8e4397bb3a785f3dcf115515a50ef6324d2bca74baced3e0ae4ef85295eb11

  • SHA512

    14faeff2bc0208a2f77ce858ba11f00d7253135f2e4b73c14f8da2c6741273c0a735b5ef39b1b8b0650e9fcf903fad19378736da41d1a409351db8aaffe0a708

  • SSDEEP

    6144:6BxIK3CTW8TMjp41u6nyHwnZTvFC/0qAcWiujK21ZyOQUztIIHHg1kAuZBLtOus:CxIK9V14ImyHYTvFmwTmqztIkHSkZt4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b8e4397bb3a785f3dcf115515a50ef6324d2bca74baced3e0ae4ef85295eb11N.exe
    "C:\Users\Admin\AppData\Local\Temp\5b8e4397bb3a785f3dcf115515a50ef6324d2bca74baced3e0ae4ef85295eb11N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\ProgramData\grxmn.exe
      "C:\ProgramData\grxmn.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2696

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Documents and Settings .exe
          Filesize

          410KB

          MD5

          91d667633c9c48564dac8263dbbd6d5b

          SHA1

          5ecffbf3d747ca2d9c33106ffd1f7307c1782f06

          SHA256

          a7cf9fb917231bf061df665e845a6cc9cbdddb06ab132ef46911971183ee12cc

          SHA512

          958f61af3a0e6d0e9c0405e672c2309b807289789d5a62f327bb42d311de1c37ef7f25b052148e8b24a209a517df7608cb66616665674b231348ed867533725e

          Download Submit

        • C:\ProgramData\Saaaalamm\Mira.h
          Filesize

          150KB

          MD5

          aef10b9ba25f907727558514f2dfbab0

          SHA1

          d67383ef1b23d4da72339d66de9541c2e1efaf53

          SHA256

          f5e77ddc706f6dffe056dc2f8a88adece36e0e4552bc70a85f36b1e01fe547ad

          SHA512

          5e607a70ca3fa489897f8df0c96570709839364cd8cabd5f76386dfff01ca2986d50c120cf82926dff950c7d7b6ec833ea7558b64ec8f0dfe2e5070abf1da103

          Download Submit

        • \ProgramData\grxmn.exe
          Filesize

          259KB

          MD5

          6bae06dd45e85bee5764debdeecdc596

          SHA1

          81f2a8abe8b3ec469b2396fd41c0f6bdddaa75a6

          SHA256

          643c449f8a0a8d8613cf2ca7c934cc33e0c998f33ce893b572053ecbbaf8307d

          SHA512

          91418ef8072c017485ce27b3d602ed06498033e7a116da600fd923fa85f6c58bd6b3caa4e84818615e6cf2d3d4c5b1c987425455126dd6cf3a59654086000bd7

          Download Submit

        • memory/2356-1-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/2356-0-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/2356-14-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/2696-133-0x0000000000400000-0x0000000000448000-memory.dmp

          Filesize

          288KB

          Download