8433fe414ef00a0c1eabb4c12a9274f736715ecb0f73bcc28d7ead059f5f0bc4

Analysis

max time kernel
66s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
04-11-2024 22:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Crack.exe
Size

56KB
MD5

7126148bfe5ca4bf7e098d794122a9a3
SHA1

3fe6be3ee8bf1a0c99139b146913c8c6acd7dd64
SHA256

f8c0350d71e5dd14438d477f73915c4845290c7f0620656624722183b76013f5
SHA512

0bec6450d1be17489436de7a5186dbcb88089edd4227c3b5484460c9368e5ca0a2d88c385d31989f449a5d8cc347057c80a997682d6c0ed1b9cfcb85c677eb48
SSDEEP

768:LMyTlenToDMTEp1Gjy76rM9QXPvRePLrlteelLh:LGEYT5y39QXHRErjlLh

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

Crack.exeCrack.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Crack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Crack.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

Crack.exe

description	pid	process	target process
PID 2684 wrote to memory of 1908	2684	Crack.exe	Crack.exe
PID 2684 wrote to memory of 1908	2684	Crack.exe	Crack.exe
PID 2684 wrote to memory of 1908	2684	Crack.exe	Crack.exe
PID 2684 wrote to memory of 1908	2684	Crack.exe	Crack.exe

C:\Users\Admin\AppData\Local\Temp\Crack.exe
"C:\Users\Admin\AppData\Local\Temp\Crack.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Users\Admin\AppData\Local\Temp\Crack.exe
  "C:\Users\Admin\AppData\Local\Temp\Crack.exe" -a
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads