Overview

overview

10

Static

static

3

0x00070000...50.exe

windows10-2004-x64

10

0x00070000...50.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    10s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    15-10-2024 16:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0x0007000000023433-50.exe

  • Size

    705KB

  • MD5

    a3789c9b2a0bde3b59c7612879f8c9d4

  • SHA1

    a938c3009fcccaedd361ac52c6f53667c60fc82f

  • SHA256

    f338e5a346c8a6b3234270fc6e31e9232a37f80e18df9702f7dcf06dffeb969a

  • SHA512

    65255c566dcb5b441c1cd9e7a42400b3158bbc7ae8bfadcc76ecc0a75d6d75ac2be3fc03985afd9b7c9b08c2993564d9b4f52fd6896eeb8fa157be57822e4718

  • SSDEEP

    12288:WwHy90MAQMK4zypwqHsGIziL6v5H09sA7pjvSdXlyNBvMxX/Wmvc9nRh0rp:WwHyf0ypBzt2OeAxsXENBkx/WWc9nRh2

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x0007000000023433-50.exe
    "C:\Users\Admin\AppData\Local\Temp\0x0007000000023433-50.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4076
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Install.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Install.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4516

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Install.exe
    Filesize

    1.3MB

    MD5

    34f8ed66eca16cc312795ffbd9b5d8f3

    SHA1

    e83bfe61b9251e58016137baf6d3bdee5fd8a37e

    SHA256

    5480d9d8193700dfa31817e4755e3d2615b1c07f38421b19575051f03ba504c5

    SHA512

    32003a0cf752c1bd0066f45858f3d765da3c0a0076639f6aaeb3dc0f0bb1e122a78979ca2c4d0e0fea2b7fc93078ad0c50cf2e1aa8651d59c3f122015142350e

    Download Submit

  • memory/4516-7-0x000000007455E000-0x000000007455F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4516-8-0x0000000000460000-0x00000000005A4000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4516-9-0x00000000056C0000-0x0000000005C66000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4516-10-0x0000000005110000-0x00000000051A2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4516-11-0x0000000074550000-0x0000000074D01000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4516-12-0x0000000005090000-0x000000000509A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4516-13-0x00000000066E0000-0x0000000006736000-memory.dmp

    Filesize

    344KB

    Download

  • memory/4516-14-0x0000000006C50000-0x0000000006CEC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/4516-15-0x0000000006BB0000-0x0000000006BBA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4516-16-0x000000007455E000-0x000000007455F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4516-17-0x0000000074550000-0x0000000074D01000-memory.dmp

    Filesize

    7.7MB

    Download