Analysis
- max time kernel: 140s
- max time network: 94s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/10/2024, 04:37
Static task: static1
Behavioral task: behavioral1
  Sample: e7feec1d8349ee5719a4d52bcb44ea87bb48c7ca2df11bf49aaabc23d72926cd.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: e7feec1d8349ee5719a4d52bcb44ea87bb48c7ca2df11bf49aaabc23d72926cd.exe
  Resource: win10v2004-20241007-en
General
- Target: e7feec1d8349ee5719a4d52bcb44ea87bb48c7ca2df11bf49aaabc23d72926cd.exe
- Size: 476KB
- MD5: 323ded924f5307e95ce7c2d2c2a446c8
- SHA1: a8e7142fc8bcae863206968e4ee5a79232a7e2d1
- SHA256: e7feec1d8349ee5719a4d52bcb44ea87bb48c7ca2df11bf49aaabc23d72926cd
- SHA512: 40ab35909a3edb7321fd7428b9e80c88cb19687f4bd56e6e20d7490dab9a78b66626d0b51fc8bd576c6dfa313093c21dd617ab48170b0c274f222b119d2cd7a2
- SSDEEP: 12288:Xg17bswCoSHwF0h2NjlX+H6OGe0qacnlDv3PM:w17IwC5HwFBNjlW6j9clDv3PM
Malware Config
Signatures
- Suspicious use of SetThreadContext (1 IoC)
  description: PID 4196 set thread context of 3100; pid: 4196; Process: e7feec1d8349ee5719a4d52bcb44ea87bb48c7ca2df11bf49aaabc23d72926cd.exe; procid_target: 83
- System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; Process: e7feec1d8349ee5719a4d52bcb44ea87bb48c7ca2df11bf49aaabc23d72926cd.exe
  description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; Process: e7feec1d8349ee5719a4d52bcb44ea87bb48c7ca2df11bf49aaabc23d72926cd.exe
- Suspicious use of WriteProcessMemory (9 IoCs; all nine entries are identical)
  description: PID 4196 wrote to memory of 3100; pid: 4196; Process: e7feec1d8349ee5719a4d52bcb44ea87bb48c7ca2df11bf49aaabc23d72926cd.exe; procid_target: 83
Processes
1. C:\Users\Admin\AppData\Local\Temp\e7feec1d8349ee5719a4d52bcb44ea87bb48c7ca2df11bf49aaabc23d72926cd.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\e7feec1d8349ee5719a4d52bcb44ea87bb48c7ca2df11bf49aaabc23d72926cd.exe"
   PID: 4196
   - Suspicious use of SetThreadContext
   - System Location Discovery: System Language Discovery
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\e7feec1d8349ee5719a4d52bcb44ea87bb48c7ca2df11bf49aaabc23d72926cd.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\e7feec1d8349ee5719a4d52bcb44ea87bb48c7ca2df11bf49aaabc23d72926cd.exe"
      PID: 3100
      - System Location Discovery: System Language Discovery