69c6fd63ba988aaf7cc321d0c6138051ec29bffdb9aa7cc4e6e53084cb1a2700

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/10/2024, 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

προτιμολόγιο.exe
Size

1.2MB
MD5

d57143c50cfb8e8aa90dbb366dd2e892
SHA1

fc61599ade5e76edf5b17493595f101a57882765
SHA256

bfd456793f2e66ad7c9513b6852d9787c2d4225cf6df9496f92de7aeb1d8c9be
SHA512

0e8c3ed03d606589a26637b2b288b1f3cd66dc010babdc02c72e61285b41da5f0089fc3dab065f60cdb25d9fb509c54479c06b29494e7edb6a75058a90716f36
SSDEEP

24576:KqDEvCTbMWu7rQYlBQcBiT6rprG8ar0tpJ+FBXRA/FULge33kQ:KTvC/MTQYxsWR7armpJ+HhAFULgeE

Score

3^/10

discovery

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3428	2128	WerFault.exe	83

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	προτιμολόγιο.exe

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2128	προτιμολόγιο.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2768	2128	προτιμολόγιο.exe	87
PID 2128 wrote to memory of 2768	2128	προτιμολόγιο.exe	87
PID 2128 wrote to memory of 2768	2128	προτιμολόγιο.exe	87

C:\Users\Admin\AppData\Local\Temp\προτιμολόγιο.exe
"C:\Users\Admin\AppData\Local\Temp\προτιμολόγιο.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  "C:\Users\Admin\AppData\Local\Temp\προτιμολόγιο.exe"
  2⤵
  PID:2768
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 660
  2⤵
  - Program crash
  PID:3428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2128 -ip 2128
1⤵
PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\aut8DD8.tmp

Filesize
262KB

MD5
630f0818f25f54135f05bdd6ac6cdf15

SHA1
19d10ad0725cf33b7629c416a8dde9b95cbf6f8e

SHA256
838071d00e93a4f3974ff6f8d1bd65006e36e1508abcdda984520109bc5dce09

SHA512
b4b5d6eaf7b6045746503ed851edbbadf5fb3447218b64bfc6290ef9bc5c250fc17796a3fca7826fe9a675705cc0e0f67981b79f3f952e7a7a6d88ea0809c4d0

Download Submit
memory/2128-12-0x0000000000E60000-0x0000000000E64000-memory.dmp

Filesize
16KB

Download