Overview
overview
10Static
static
7Crack.exe
windows7-x64
3Crack.exe
windows10-2004-x64
7GloryWSetp.exe
windows7-x64
7GloryWSetp.exe
windows10-2004-x64
10Install.exe
windows7-x64
7Install.exe
windows10-2004-x64
7KiffApp2.exe
windows7-x64
1KiffApp2.exe
windows10-2004-x64
1Setup.exe
windows7-x64
7Setup.exe
windows10-2004-x64
7md1_1eaf.exe
windows7-x64
10md1_1eaf.exe
windows10-2004-x64
10Analysis
-
max time kernel
66s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
04-11-2024 22:13
Behavioral task
behavioral1
Sample
Crack.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
Crack.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
GloryWSetp.exe
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
GloryWSetp.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Install.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
Install.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
KiffApp2.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
KiffApp2.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
Setup.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
Setup.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
md1_1eaf.exe
Resource
win7-20240708-en
General
-
Target
Crack.exe
-
Size
56KB
-
MD5
7126148bfe5ca4bf7e098d794122a9a3
-
SHA1
3fe6be3ee8bf1a0c99139b146913c8c6acd7dd64
-
SHA256
f8c0350d71e5dd14438d477f73915c4845290c7f0620656624722183b76013f5
-
SHA512
0bec6450d1be17489436de7a5186dbcb88089edd4227c3b5484460c9368e5ca0a2d88c385d31989f449a5d8cc347057c80a997682d6c0ed1b9cfcb85c677eb48
-
SSDEEP
768:LMyTlenToDMTEp1Gjy76rM9QXPvRePLrlteelLh:LGEYT5y39QXHRErjlLh
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Crack.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Crack.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2684 wrote to memory of 1908 2684 Crack.exe 31 PID 2684 wrote to memory of 1908 2684 Crack.exe 31 PID 2684 wrote to memory of 1908 2684 Crack.exe 31 PID 2684 wrote to memory of 1908 2684 Crack.exe 31
Processes
-
C:\Users\Admin\AppData\Local\Temp\Crack.exe"C:\Users\Admin\AppData\Local\Temp\Crack.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2684 -
C:\Users\Admin\AppData\Local\Temp\Crack.exe"C:\Users\Admin\AppData\Local\Temp\Crack.exe" -a2⤵
- System Location Discovery: System Language Discovery
PID:1908
-