f5524f778cd66ac8e95e07255e82942bfa56a658fced96930c6f67cf56fa4794

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2024, 09:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

INV-A66G-B10012.exe
Size

1.3MB
MD5

94d58969cddd13f515263069098c321b
SHA1

82748b147baa374c7b42a93dc234c83d89045f2a
SHA256

7fa92e4841b20e55ce950df742acb0c7a200de42d5a68b23b00aca701d905c22
SHA512

9bf24762bc31e4d84c61834800bbee26a409c7f11a49f829e84b0bc593480bb3ece8e8648e8ed2fe0abfe3714971b0d13850ff8ebdc2bf88a693e6af30e71ead
SSDEEP

24576:ffmMv6Ckr7Mny5QL1T73ctk0eh72UtUtMZl1meF3uQ:f3v+7/5QLp3ct82UtGYb1uQ

Score

5^/10

discovery

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1040 set thread context of 2200	1040	INV-A66G-B10012.exe	86

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	INV-A66G-B10012.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2200	svchost.exe
2200	svchost.exe
2200	svchost.exe
2200	svchost.exe
2200	svchost.exe
2200	svchost.exe
2200	svchost.exe
2200	svchost.exe
2200	svchost.exe
2200	svchost.exe
2200	svchost.exe
2200	svchost.exe
2200	svchost.exe
2200	svchost.exe

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
1040	INV-A66G-B10012.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1040 wrote to memory of 2200	1040	INV-A66G-B10012.exe	86
PID 1040 wrote to memory of 2200	1040	INV-A66G-B10012.exe	86
PID 1040 wrote to memory of 2200	1040	INV-A66G-B10012.exe	86
PID 1040 wrote to memory of 2200	1040	INV-A66G-B10012.exe	86

C:\Users\Admin\AppData\Local\Temp\INV-A66G-B10012.exe
"C:\Users\Admin\AppData\Local\Temp\INV-A66G-B10012.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1040
- C:\Windows\SysWOW64\svchost.exe
  "C:\Users\Admin\AppData\Local\Temp\INV-A66G-B10012.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1040-2-0x0000000004340000-0x0000000004740000-memory.dmp

Filesize
4.0MB

Download
memory/2200-3-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/2200-4-0x0000000001A00000-0x0000000001D4A000-memory.dmp

Filesize
3.3MB

Download
memory/2200-5-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/2200-6-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download