Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    28-10-2024 01:56

General

  • Target

    '''.exe

  • Size

    2.0MB

  • MD5

    60b42e43178ad0ed1484e4afef56e740

  • SHA1

    45d484903388cd149f9e2e5afbfe247c90a00031

  • SHA256

    ed0cc4ec1b8de4c0e315f3caa855892f7ace7cccd3b8e98c7589316ef9fd1972

  • SHA512

    1d397050fe7969993404ee0313ee071ec6a5bd316a40210c72404600057b9a7cca2c78302d28e9f576a42c74ddfec37856b7188c7dd64d173afce043d9b2bc7f

  • SSDEEP

    49152:4VAbwcf0qplQ9rQ7JC+zQlQTLw9Lqb4tBr9mPrIdq1AT2v:0Aa+lQp85Q59mb47r9mDLm2v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\'''.exe
    "C:\Users\Admin\AppData\Local\Temp\'''.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3056
    • C:\Users\Admin\AppData\Local\Temp\7zS0FBDFAB6\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS0FBDFAB6\setup.exe --server-tracking-blob=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
      2⤵
      • Executes dropped EXE
      PID:2544

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zS0FBDFAB6\setup.exe

    Filesize

    5.1MB

    MD5

    c3ad19d69141fa707540087edc297679

    SHA1

    0bba92b6e3371770989ef3597a9192d16b4feae2

    SHA256

    ff7ac32388dbd9ad3ef945b0e71518c2d869b9d9cc8fbbd14d3b0665850b0933

    SHA512

    28648a5c8c44def983cbdc4f6b48dc97d5fbda2a2f8ac3d93f85476f3492bc18986be97a5954e27fff1206779736b0ed90df1a04c35f30e1c182b6435cf33f2f