Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/10/2024, 02:15

General

  • Target

    c164d8959adaa00c86eca49d602f25670058a5a85d8a740e1b7ea6b1862dca2d.exe

  • Size

    237KB

  • MD5

    f71008cff59cc34b8641ce522e450a9a

  • SHA1

    f003412141c3e046bc88b765298a62bd0386d737

  • SHA256

    c164d8959adaa00c86eca49d602f25670058a5a85d8a740e1b7ea6b1862dca2d

  • SHA512

    1bb5fca9e013307caf4e786e3c10f77886053c8ed217dbfdcee878537fa8c97bc153e1c8842eb72aa884efc6bf905fc7e7fecd48f0881cffbfb5c550e43b7af4

  • SSDEEP

    3072:TgX5nIbwHRDpAbhnjsoT4CCauAzl601HL/h4JyEsIkDPrIJ08Y4gbjGOVcmUYdta:KmS7AVsocH0dWs4kDThKseNLDw

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Drops file in Windows directory 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c164d8959adaa00c86eca49d602f25670058a5a85d8a740e1b7ea6b1862dca2d.exe
    "C:\Users\Admin\AppData\Local\Temp\c164d8959adaa00c86eca49d602f25670058a5a85d8a740e1b7ea6b1862dca2d.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3052
    • C:\lebmevpuwcydfzr\tyh3z92hmcmgbqdxtuu.exe
      "C:\lebmevpuwcydfzr\tyh3z92hmcmgbqdxtuu.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2300
      • C:\lebmevpuwcydfzr\laenlivuoj.exe
        "C:\lebmevpuwcydfzr\laenlivuoj.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:408
  • C:\lebmevpuwcydfzr\laenlivuoj.exe
    C:\lebmevpuwcydfzr\laenlivuoj.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1528
    • C:\lebmevpuwcydfzr\qfggfjgd.exe
      clnbcrmpzcee "c:\lebmevpuwcydfzr\laenlivuoj.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      PID:5100

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\lebmevpuwcydfzr\tyh3z92hmcmgbqdxtuu.exe

    Filesize

    237KB

    MD5

    f71008cff59cc34b8641ce522e450a9a

    SHA1

    f003412141c3e046bc88b765298a62bd0386d737

    SHA256

    c164d8959adaa00c86eca49d602f25670058a5a85d8a740e1b7ea6b1862dca2d

    SHA512

    1bb5fca9e013307caf4e786e3c10f77886053c8ed217dbfdcee878537fa8c97bc153e1c8842eb72aa884efc6bf905fc7e7fecd48f0881cffbfb5c550e43b7af4

  • C:\lebmevpuwcydfzr\xxmr5xjcverm

    Filesize

    8B

    MD5

    f7e1f810561ff09ea650130b4f8135bd

    SHA1

    5defe220e382632b1ad14ae6fccf9466d60cf184

    SHA256

    9ed33f2c4fbe8d778642ea94b817de57519f6c6015665c31bd2d69367b48c002

    SHA512

    be2f0c07463caaaa7dd3fe164bad1d49646d051a75ab60e708a10443b41e34fabdecb8bff0c43bceaecebeb692e78b150086aecc5b6ce041e0d919eea9a8d8fd