Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-10-2024 01:17

General

  • Target

    31833d451143908ae9b766dbd583d4b2919e09e4cb4713f6044aea0a07c9fda1.exe

  • Size

    1.1MB

  • MD5

    f1883a4567d6605508539d2706e08ec9

  • SHA1

    d065240c6d5885315ceb81c42c7ee15ae8258cac

  • SHA256

    31833d451143908ae9b766dbd583d4b2919e09e4cb4713f6044aea0a07c9fda1

  • SHA512

    1f38ab0897994fe133b4e25709f6a7861cfc705725a4374e0c9032112725332c2f86af84075d1587ea123dd546f67686277eeff41cc9f93d105daff60db8b8d7

  • SSDEEP

    24576:CH0dl8myX9Bg42QoXFkrzkmmlSgRDko0lG4Z8r7Qfbkiu5QI:CcaClSFlG4ZM7QzMP
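Before pivoting on the hashes above, a practitioner usually wants to confirm that a locally held copy of the sample is the one the report analysed, and that the report's own figures agree with each other. The following is an added example, not part of the Triage report: it recomputes the four digests listed above, parses the ssdeep signature, and checks that its block size is consistent with the reported file size. The block-size rule is the one from the ssdeep algorithm (start at 3, double while block size times 64 is below the input size, with later halving allowed), and the size string is treated as a rounded figure with 1 MB taken as 1024 KiB (an assumption; the result here is the same with 1000-based units).

```python
"""Check a sandbox report's sample hashes and ssdeep signature.

Added example, not part of the Triage report. The constants are copied from the
report; the block-size rule follows the ssdeep algorithm (start at 3, double
while blocksize * 64 < input size, halving afterwards is allowed)."""
import hashlib
import re

REPORTED_HASHES = {
    "md5": "f1883a4567d6605508539d2706e08ec9",
    "sha1": "d065240c6d5885315ceb81c42c7ee15ae8258cac",
    "sha256": "31833d451143908ae9b766dbd583d4b2919e09e4cb4713f6044aea0a07c9fda1",
    "sha512": "1f38ab0897994fe133b4e25709f6a7861cfc705725a4374e0c9032112725332c2f86af84075d1587ea123dd546f67686277eeff41cc9f93d105daff60db8b8d7",
}
REPORTED_SSDEEP = "24576:CH0dl8myX9Bg42QoXFkrzkmmlSgRDko0lG4Z8r7Qfbkiu5QI:CcaClSFlG4ZM7QzMP"
REPORTED_SIZE = "1.1MB"


def digests(data):
    """Hex digests for the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def verify_hashes(data, reported):
    """Map each reported algorithm to True/False (case-insensitive compare)."""
    actual = digests(data)
    return {name: actual[name] == value.lower() for name, value in reported.items()}


def parse_ssdeep(sig):
    """Split 'blocksize:hash1:hash2' into (int, str, str)."""
    m = re.fullmatch(r"(\d+):([A-Za-z0-9+/]*):([A-Za-z0-9+/]*)", sig)
    if not m:
        raise ValueError("not an ssdeep signature: %r" % sig)
    return int(m.group(1)), m.group(2), m.group(3)


def size_bounds(text, unit=1024):
    """Byte range a rounded size string such as '1.1MB' or '753B' may denote."""
    m = re.fullmatch(r"(\d+(?:\.(\d+))?)\s*([KMGT]?)B", text.strip())
    if not m:
        raise ValueError("unrecognised size: %r" % text)
    value = float(m.group(1))
    half = 0.5 * 10 ** -len(m.group(2) or "")          # half of the last shown digit
    scale = unit ** ("KMGT".index(m.group(3)) + 1) if m.group(3) else 1
    return (value - half) * scale, (value + half) * scale


def ssdeep_start_blocksize(size):
    """Block size ssdeep starts from for an input of 'size' bytes."""
    bs = 3
    while bs * 64 < size:
        bs *= 2
    return bs


def ssdeep_blocksize_plausible(bs, size_text):
    """True if 'bs' is 3*2^k and no larger than the starting block size for
    the largest size the rounded figure could denote (ssdeep may halve it)."""
    if bs < 3 or bs % 3:
        return False
    q = bs // 3
    if q & (q - 1):
        return False
    _, high = size_bounds(size_text)
    return bs <= ssdeep_start_blocksize(high)


def check_report(data=None):
    """Consistency checks for the report; pass the sample bytes to verify hashes."""
    bs, _, _ = parse_ssdeep(REPORTED_SSDEEP)
    result = {
        "ssdeep_blocksize": bs,
        "ssdeep_blocksize_plausible": ssdeep_blocksize_plausible(bs, REPORTED_SIZE),
    }
    if data is not None:
        result["hashes"] = verify_hashes(data, REPORTED_HASHES)
    return result


if __name__ == "__main__":
    import sys
    sample = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else None
    print(check_report(sample))
```

Run with the sample path as the only argument; without one it only checks the ssdeep block size against the stated size (block size 24576 is what ssdeep starts with for anything between 768 KiB and 1.5 MiB, so it agrees with 1.1MB).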

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\31833d451143908ae9b766dbd583d4b2919e09e4cb4713f6044aea0a07c9fda1.exe
    "C:\Users\Admin\AppData\Local\Temp\31833d451143908ae9b766dbd583d4b2919e09e4cb4713f6044aea0a07c9fda1.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2824
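The tree above is a common dropper pattern: the sample runs from the user's Temp directory, writes VBS3.vbs under AppData\Roaming\Microsoft and runs it through the Windows Script Host. Note that the child's image path is C:\Windows\SysWOW64\WScript.exe although its command line names System32: the parent is a 32-bit process (the resource tags list arch:x86), so WoW64 file-system redirection serves it the 32-bit script host. The following is an added example, not part of the Triage report, that runs this detection logic over constructed process-creation events in a Sysmon-like shape; the field names and the benign control event are assumptions, and only the two malicious entries reuse values from the process tree above.

```python
"""Flag the dropper-to-WScript chain seen in the report.

Added example, not part of the Triage report. The events are constructed in a
Sysmon-like process-creation shape; only the two malicious entries reuse
values from the report's process tree."""
import re

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\31833d451143908ae9b766dbd583d4b2919e09e4cb4713f6044aea0a07c9fda1.exe"
DROPPED_VBS = r"C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"

EVENTS = [  # constructed events, not sandbox output
    {"pid": 2132, "image": SAMPLE, "cmdline": '"%s"' % SAMPLE,
     "parent_image": r"C:\Windows\explorer.exe"},
    # Image is SysWOW64\WScript.exe while the command line says System32:
    # the 32-bit parent is subject to WoW64 file-system redirection.
    {"pid": 2824, "image": r"C:\Windows\SysWOW64\WScript.exe",
     "cmdline": '"%s" "%s"' % (r"C:\Windows\System32\WScript.exe", DROPPED_VBS),
     "parent_image": SAMPLE},
    # Benign control (assumed): a user runs a script from Documents via Explorer.
    {"pid": 3000, "image": r"C:\Windows\System32\WScript.exe",
     "cmdline": r'"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Documents\cleanup.vbs"',
     "parent_image": r"C:\Windows\explorer.exe"},
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf)$", re.I)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
ROAMING_DIR = re.compile(r"\\AppData\\Roaming\\", re.I)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def script_argument(cmdline):
    """Return the first script-file argument of a WSH command line, or None."""
    tokens = [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline)]
    for tok in tokens[1:]:          # tokens[0] is the script host itself
        if SCRIPT_EXT.search(tok):
            return tok
    return None


def detect(event):
    """Return the reasons an event is suspicious (empty list if none).

    Matches on the image basename rather than the full path so that both the
    System32 copy and the WoW64-redirected SysWOW64 copy of the host are covered."""
    reasons = []
    if basename(event["image"]) not in SCRIPT_HOSTS:
        return reasons
    script = script_argument(event["cmdline"])
    if script and ROAMING_DIR.search(script):
        reasons.append("script host running a script from AppData\\Roaming: " + script)
    if TEMP_DIR.search(event["parent_image"]):
        reasons.append("script host spawned by a process running from %TEMP%: "
                       + basename(event["parent_image"]))
    return reasons


def scan(events):
    """Map pid -> reasons for every event that trips at least one rule."""
    hits = {}
    for ev in events:
        reasons = detect(ev)
        if reasons:
            hits[ev["pid"]] = reasons
    return hits


if __name__ == "__main__":
    for pid, reasons in scan(EVENTS).items():
        print(pid)
        for reason in reasons:
            print("  -", reason)
```

Both rules fire on PID 2824 and neither on the Explorer-launched script, which is the separation you want before shipping this as a hunt query; the dropped file's SHA256 from the Downloads section below is the natural second pivot on file-creation telemetry.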

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs

    Filesize

    753B

    MD5

    3af7bc10b8e447046316b37340a90e98

    SHA1

    c024a7f42375011699855eacfa3175849bc150ac

    SHA256

    f736164f959b065d2c013764a230e7d810490da5947c8d9d1d1e31ff757d500f

    SHA512

    a01429b5de8779e84b3c8f9795be0eb92fb01824aa900246b3240cbcaf6ae542d27fe0b4792d349cc027020f395b82d6dd8b987874ba9879e91b162f967691b7

  • memory/2132-8-0x0000000000400000-0x0000000000551000-memory.dmp

    Filesize

    1.3MB