Analysis
-
max time kernel
120s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
09/10/2024, 07:26
General
-
Target
cb89f9f080b298d769351aba59a331afd6e926f64542475b1729e91465cd75ffN.exe
-
Size
40KB
-
MD5
7c01a3c63d11415f26e15368efad79e0
-
SHA1
a821a1b5c45e26ae466263557c456b744c7a0cc3
-
SHA256
cb89f9f080b298d769351aba59a331afd6e926f64542475b1729e91465cd75ff
-
SHA512
ee21ba04749e0c8f334af002cbf930e1dafed4633cc0e45822e9693444a7728788661b71f65c211105a7946cfcf06044b897e278f5d5a94cf1e213e97a9fefe7
-
SSDEEP
768:KOxZOgIryM1P3oO2y8UN2ivcTTJlu71TFA9nn0OjDDdmo/SK2OURvXZGLqiyj:nSgy19JSVO1ONn511/tivXZjXj
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cb89f9f080b298d769351aba59a331afd6e926f64542475b1729e91465cd75ffN.exe"C:\Users\Admin\AppData\Local\Temp\cb89f9f080b298d769351aba59a331afd6e926f64542475b1729e91465cd75ffN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrrxr.exec:\fxlrrxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbnt.exec:\btbbnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhnnh.exec:\nhhnnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdv.exec:\pdvdv.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxxlrr.exec:\lrxxlrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xllxfl.exec:\3xllxfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhhn.exec:\hthhhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bthnt.exec:\9bthnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ppjp.exec:\9ppjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdpj.exec:\pvdpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfflfl.exec:\fxfflfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbhn.exec:\bhhbhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhhnn.exec:\1bhhnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvv.exec:\jjvvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrllff.exec:\xfrllff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhthb.exec:\hbhthb.exe17⤵
- Executes dropped EXE
-
\??\c:\htbtbn.exec:\htbtbn.exe18⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe19⤵
- Executes dropped EXE
-
\??\c:\pddvv.exec:\pddvv.exe20⤵
- Executes dropped EXE
-
\??\c:\frxxxxx.exec:\frxxxxx.exe21⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\thnnth.exec:\thnnth.exe22⤵
- Executes dropped EXE
-
\??\c:\vdpjd.exec:\vdpjd.exe23⤵
- Executes dropped EXE
-
\??\c:\vjvpp.exec:\vjvpp.exe24⤵
- Executes dropped EXE
-
\??\c:\xrflllx.exec:\xrflllx.exe25⤵
- Executes dropped EXE
-
\??\c:\rlllrxf.exec:\rlllrxf.exe26⤵
- Executes dropped EXE
-
\??\c:\nbthtt.exec:\nbthtt.exe27⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\pdpvv.exec:\pdpvv.exe28⤵
- Executes dropped EXE
-
\??\c:\7pjdd.exec:\7pjdd.exe29⤵
- Executes dropped EXE
-
\??\c:\rlxrxff.exec:\rlxrxff.exe30⤵
- Executes dropped EXE
-
\??\c:\hhthnn.exec:\hhthnn.exe31⤵
- Executes dropped EXE
-
\??\c:\nbnttt.exec:\nbnttt.exe32⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe33⤵
- Executes dropped EXE
-
\??\c:\fxxlxll.exec:\fxxlxll.exe34⤵
- Executes dropped EXE
-
\??\c:\llrlxxl.exec:\llrlxxl.exe35⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\hbhnth.exec:\hbhnth.exe36⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe37⤵
- Executes dropped EXE
-
\??\c:\7dddj.exec:\7dddj.exe38⤵
- Executes dropped EXE
-
\??\c:\llrrrrx.exec:\llrrrrx.exe39⤵
- Executes dropped EXE
-
\??\c:\3xrrxxf.exec:\3xrrxxf.exe40⤵
- Executes dropped EXE
-
\??\c:\hbhnbn.exec:\hbhnbn.exe41⤵
- Executes dropped EXE
-
\??\c:\1jvvd.exec:\1jvvd.exe42⤵
- Executes dropped EXE
-
\??\c:\1vdpp.exec:\1vdpp.exe43⤵
- Executes dropped EXE
-
\??\c:\xrffxrx.exec:\xrffxrx.exe44⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\5bnbbb.exec:\5bnbbb.exe45⤵
- Executes dropped EXE
-
\??\c:\bttnbb.exec:\bttnbb.exe46⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe47⤵
- Executes dropped EXE
-
\??\c:\jdjdp.exec:\jdjdp.exe48⤵
- Executes dropped EXE
-
\??\c:\lrlfxxr.exec:\lrlfxxr.exe49⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bthhtt.exec:\bthhtt.exe50⤵
- Executes dropped EXE
-
\??\c:\nhntbb.exec:\nhntbb.exe51⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe52⤵
- Executes dropped EXE
-
\??\c:\7jvpj.exec:\7jvpj.exe53⤵
- Executes dropped EXE
-
\??\c:\fxfxxrx.exec:\fxfxxrx.exe54⤵
- Executes dropped EXE
-
\??\c:\rfllrrx.exec:\rfllrrx.exe55⤵
- Executes dropped EXE
-
\??\c:\nhbbtt.exec:\nhbbtt.exe56⤵
- Executes dropped EXE
-
\??\c:\tnttbb.exec:\tnttbb.exe57⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\btnnbb.exec:\btnnbb.exe58⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe59⤵
- Executes dropped EXE
-
\??\c:\pdjjd.exec:\pdjjd.exe60⤵
- Executes dropped EXE
-
\??\c:\9rllllr.exec:\9rllllr.exe61⤵
- Executes dropped EXE
-
\??\c:\frflrrx.exec:\frflrrx.exe62⤵
- Executes dropped EXE
-
\??\c:\nbnthn.exec:\nbnthn.exe63⤵
- Executes dropped EXE
-
\??\c:\xrxxfll.exec:\xrxxfll.exe64⤵
- Executes dropped EXE
-
\??\c:\nhttnn.exec:\nhttnn.exe65⤵
- Executes dropped EXE
-
\??\c:\vdddd.exec:\vdddd.exe66⤵
-
\??\c:\rrrrrfr.exec:\rrrrrfr.exe67⤵
-
\??\c:\ttbhhh.exec:\ttbhhh.exe68⤵
-
\??\c:\9djjd.exec:\9djjd.exe69⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe70⤵
-
\??\c:\ffxxllx.exec:\ffxxllx.exe71⤵
-
\??\c:\7tnntn.exec:\7tnntn.exe72⤵
-
\??\c:\bnbhtn.exec:\bnbhtn.exe73⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe74⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe75⤵
-
\??\c:\rflfllr.exec:\rflfllr.exe76⤵
-
\??\c:\lrffxrr.exec:\lrffxrr.exe77⤵
-
\??\c:\xxlflfl.exec:\xxlflfl.exe78⤵
-
\??\c:\nbhbhn.exec:\nbhbhn.exe79⤵
-
\??\c:\9httbt.exec:\9httbt.exe80⤵
-
\??\c:\dpvjj.exec:\dpvjj.exe81⤵
-
\??\c:\5rxxfrf.exec:\5rxxfrf.exe82⤵
-
\??\c:\flxxxrx.exec:\flxxxrx.exe83⤵
-
\??\c:\hbhhhn.exec:\hbhhhn.exe84⤵
-
\??\c:\3ntntn.exec:\3ntntn.exe85⤵
-
\??\c:\5hnnnn.exec:\5hnnnn.exe86⤵
-
\??\c:\vppvd.exec:\vppvd.exe87⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe88⤵
-
\??\c:\9pvvp.exec:\9pvvp.exe89⤵
-
\??\c:\fxfxffl.exec:\fxfxffl.exe90⤵
-
\??\c:\ffllxxx.exec:\ffllxxx.exe91⤵
-
\??\c:\btbttt.exec:\btbttt.exe92⤵
-
\??\c:\1bhhhh.exec:\1bhhhh.exe93⤵
-
\??\c:\tntttt.exec:\tntttt.exe94⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe95⤵
-
\??\c:\xlxrrrx.exec:\xlxrrrx.exe96⤵
-
\??\c:\tnnntb.exec:\tnnntb.exe97⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe98⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe99⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe100⤵
- System Location Discovery: System Language Discovery
-
\??\c:\frflrrr.exec:\frflrrr.exe101⤵
-
\??\c:\hnnhnh.exec:\hnnhnh.exe102⤵
-
\??\c:\dpddd.exec:\dpddd.exe103⤵
-
\??\c:\vjppj.exec:\vjppj.exe104⤵
-
\??\c:\rxlrxrr.exec:\rxlrxrr.exe105⤵
-
\??\c:\7xfxxxf.exec:\7xfxxxf.exe106⤵
-
\??\c:\bhhttt.exec:\bhhttt.exe107⤵
-
\??\c:\3htbtn.exec:\3htbtn.exe108⤵
-
\??\c:\7vdpv.exec:\7vdpv.exe109⤵
-
\??\c:\9lrrlxf.exec:\9lrrlxf.exe110⤵
-
\??\c:\3frrfff.exec:\3frrfff.exe111⤵
-
\??\c:\7bttbn.exec:\7bttbn.exe112⤵
-
\??\c:\tntthb.exec:\tntthb.exe113⤵
-
\??\c:\jvddj.exec:\jvddj.exe114⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pdjdj.exec:\pdjdj.exe115⤵
-
\??\c:\lxlffff.exec:\lxlffff.exe116⤵
-
\??\c:\fxfrfxx.exec:\fxfrfxx.exe117⤵
-
\??\c:\7nnttn.exec:\7nnttn.exe118⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tnnnhb.exec:\tnnnhb.exe119⤵
-
\??\c:\hhnnhb.exec:\hhnnhb.exe120⤵
-
\??\c:\5ttttt.exec:\5ttttt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-