000755ee7b4b3c3fb19970f2c62812235426dfdec77bc829697a9f14b4ab4071

Resubmissions

04/10/2024, 02:35

241004-c265fazejn 3

04/10/2024, 02:34

241004-c2w98szdrp 3

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 02:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

test.exe
Size

89KB
MD5

8a0eeb03409b2a89572ee13bbf55b65e
SHA1

79b3ddd5b90b87fa100a01f0f6294b8f80e906fa
SHA256

000755ee7b4b3c3fb19970f2c62812235426dfdec77bc829697a9f14b4ab4071
SHA512

09aab39f91cfdfc1d801261f9627fe6a72f899f8eb91f216d7111e1c3f8a38be632775120642c5243d28b2faa59b7ba4bfb7f2786ab4f6605aa3041992c29087
SSDEEP

1536:H7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIffw9OC:b7DhdC6kzWypvaQ0FxyNTBffm

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	test.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2612	2200	test.exe	31
PID 2200 wrote to memory of 2612	2200	test.exe	31
PID 2200 wrote to memory of 2612	2200	test.exe	31
PID 2200 wrote to memory of 2612	2200	test.exe	31

C:\Users\Admin\AppData\Local\Temp\test.exe
"C:\Users\Admin\AppData\Local\Temp\test.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\82E6.tmp\82E7.tmp\82E8.bat C:\Users\Admin\AppData\Local\Temp\test.exe"
  2⤵
  PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\82E6.tmp\82E7.tmp\82E8.bat

Filesize
67B

MD5
a675aebecf606f15d849938505312970

SHA1
4ff0cf4b548cfa1d8b39031b64c3d4a4f8304bec

SHA256
b2b1bf17834499e32facf55251db71e8bd7413e061dde39fb06491babd41ab67

SHA512
358f1cdec892a491ec1abaf1b1cd555ac774a5cc54ab281200453193d5d531a1a5912ada6e8218faa9bd8fc000125f6130fd1b393746080a58999563038ad9f9

Download Submit
memory/2612-12-0x0000000002030000-0x0000000002031000-memory.dmp

Filesize
4KB

Download