088b9bcf49b2a7e6550cd861266eda50941f892c691a248d353c885a29aaa433

Analysis

max time kernel
89s
max time network
18s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
21-10-2024 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
Size

838KB
MD5

522d521510528c983e23e85d7ae5e88c
SHA1

f585eda5e0b95d958c0739d52c056aa946211848
SHA256

4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24
SHA512

a80949895e22e6d7a807eef1135a1051e98ddcbd729676eceaa37f8e761dabb0c06e0c4ece352ea3be8e4f8c5ae0f90094e01a96579acf19a4918ed87114a5fe
SSDEEP

24576:keODPIzgOiCVHfUro6fVnho8ekrnupJn9R4D3ii:kRAQYMo6fV7nupR9Gn

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
2216	4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe

C:\Users\Admin\AppData\Local\Temp\4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe
"C:\Users\Admin\AppData\Local\Temp\4d9f557790e63bccbca6fbc20a47661e15869004db64412196b8756025ea1f24.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr

Filesize
1.1MB

MD5
638e737b2293cf7b1f14c0b4fb1f3289

SHA1
f8e2223348433b992a8c42c4a7a9fb4b5c1158bc

SHA256
baad4798c3ab24dec8f0ac3cde48e2fee2e2dffa60d2b2497cd295cd6319fd5b

SHA512
4d714a0980238c49af10376ff26ec9e6415e7057925b32ec1c24780c3671047ac5b5670e46c1c6cf9f160519be8f37e1e57f05c30c6c4bda3b275b143aa0bf12

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\shellEx.fne

Filesize
13KB

MD5
a72cd2b05566abc76fa83369201832c7

SHA1
a65ef80d3a30a33fe33c673825e6c6eafdc54690

SHA256
f5cc8a0043b29ea65c200b8a312b0478f6bb7914a733a21d64849d8c02976ec0

SHA512
d72691fd2bc421bb0b9375995758ea9f3064002334373bcac04ac406ab56fcbc9b5ef985bf34704dcb20eea5c14518d1fdb5e5d9ac897381cd1e7def276855c1

Download Submit
memory/2216-0-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/2216-5-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2216-4-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/2216-10-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/2216-11-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download