74fa008ca1ef70ef209685656f13eb74f905015f0d5b4738e6135ae3f281410e

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05-10-2024 02:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

A1A621FD94C4FCF89DC405F8DB1DFCE3.exe
Size

112KB
MD5

a1a621fd94c4fcf89dc405f8db1dfce3
SHA1

5896181bf11d9e1eace01426af2218d3d67dff09
SHA256

f336981e9bc2fb6710f4a03a5de8e58505febb8b86d2c4a023538b69b8c7775f
SHA512

62c5a0d15ec6f0a67e91caaf9db6bb632b2cbb07e0ba794feee7456ab7fdb528ae068f4f779567c29b07e4d53cf73997916eff69de6000b5baf38fa8cc070a9e
SSDEEP

1536:bL+9+G+3WpNi42+hSzvU27/fTvrVLvxGD8Li+fWnKKznF:bS9+G+3ANi42PrTrwCOnV7F

Score

3^/10

discovery

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2280	1984	WerFault.exe	30

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	A1A621FD94C4FCF89DC405F8DB1DFCE3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2280	1984	A1A621FD94C4FCF89DC405F8DB1DFCE3.exe	31
PID 1984 wrote to memory of 2280	1984	A1A621FD94C4FCF89DC405F8DB1DFCE3.exe	31
PID 1984 wrote to memory of 2280	1984	A1A621FD94C4FCF89DC405F8DB1DFCE3.exe	31
PID 1984 wrote to memory of 2280	1984	A1A621FD94C4FCF89DC405F8DB1DFCE3.exe	31

C:\Users\Admin\AppData\Local\Temp\A1A621FD94C4FCF89DC405F8DB1DFCE3.exe
"C:\Users\Admin\AppData\Local\Temp\A1A621FD94C4FCF89DC405F8DB1DFCE3.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 152
  2⤵
  - Program crash
  PID:2280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\FED5C6.tmp

Filesize
120B

MD5
a9930aa6f703ed6f86bfbebc2d5ccf8a

SHA1
8ac2c7d322e432111f792cfb540563ba8de72dfe

SHA256
ba00cdb8acf38918c5031494944216673e99c11048ffd78332f5df372afbc637

SHA512
9df4bfdc675691f21efa1c9d5efbb07c06c1d343c465a20cfc838e98ad23f688b4db7f6e58f9f0a9ea440a9852dda9abadacbeb0a5c75d5268f79804a44edcb1

Download Submit