Overview
overview
10Static
static
10app.exe
windows7-x64
10app.exe
windows10-2004-x64
10arnatic_2.exe
windows7-x64
10arnatic_2.exe
windows10-2004-x64
10arnatic_3.exe
windows7-x64
10arnatic_3.exe
windows10-2004-x64
7arnatic_4.exe
windows7-x64
9arnatic_4.exe
windows10-2004-x64
9arnatic_5.exe
windows7-x64
10arnatic_5.exe
windows10-2004-x64
10arnatic_6.exe
windows7-x64
10arnatic_6.exe
windows10-2004-x64
10arnatic_7.exe
windows7-x64
10arnatic_7.exe
windows10-2004-x64
10null.exe
windows7-x64
10null.exe
windows10-2004-x64
10Analysis
-
max time kernel
138s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
04-11-2024 14:34
Behavioral task
behavioral1
Sample
app.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
app.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
arnatic_2.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
arnatic_2.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
arnatic_3.exe
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
arnatic_3.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
arnatic_4.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
arnatic_4.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
arnatic_5.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
arnatic_5.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
arnatic_6.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
arnatic_6.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
arnatic_7.exe
Resource
win7-20241010-en
Behavioral task
behavioral14
Sample
arnatic_7.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
null.exe
Resource
win7-20241010-en
Behavioral task
behavioral16
Sample
null.exe
Resource
win10v2004-20241007-en
General
-
Target
arnatic_3.exe
-
Size
680KB
-
MD5
7837314688b7989de1e8d94f598eb2dd
-
SHA1
889ae8ce433d5357f8ea2aff64daaba563dc94e3
-
SHA256
d8c28d07c365873b4e8332f057f062e65f2dd0cd4d599fd8b16d82eca5cf4247
-
SHA512
3df0c24a9f51a82716abb8e87ff44fdb6686183423d1f2f7d6bfb4cd03c3a18490f2c7987c29f3e1b2d25c48d428c2e73033998a872b185f70bb68a7aedb3e7c
-
SSDEEP
12288:Umn1vBXNJl0P3ZbcCAjqH0d5Q+qUH6wyZQMvvdgMiCIT:n1vJNJla39cGH0d+7sOlQCIT
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation arnatic_3.exe -
Loads dropped DLL 1 IoCs
pid Process 856 rUNdlL32.eXe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language arnatic_3.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rUNdlL32.eXe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ arnatic_3.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2320 wrote to memory of 856 2320 arnatic_3.exe 86 PID 2320 wrote to memory of 856 2320 arnatic_3.exe 86 PID 2320 wrote to memory of 856 2320 arnatic_3.exe 86
Processes
-
C:\Users\Admin\AppData\Local\Temp\arnatic_3.exe"C:\Users\Admin\AppData\Local\Temp\arnatic_3.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2320 -
C:\Windows\SysWOW64\rUNdlL32.eXe"C:\Windows\system32\rUNdlL32.eXe" "C:\Users\Admin\AppData\Local\Temp\axhub.dll",axhub2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:856
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
551KB
MD513abe7637d904829fbb37ecda44a1670
SHA1de26b60d2c0b1660220caf3f4a11dfabaa0e7b9f
SHA2567a20b34c0f9b516007d40a570eafb782028c5613138e8b9697ca398b0b3420d6
SHA5126e02ca1282f3d1bbbb684046eb5dcef412366a0ed2276c1f22d2f16b978647c0e35a8d728a0349f022295b0aba30139b2b8bb75b92aa5fdcc18aae9dcf357d77
-
Filesize
48KB
MD589c739ae3bbee8c40a52090ad0641d31
SHA1d0f7dc9a0a3e52af0f9f9736f26e401636c420a1
SHA25610a122bd647c88aa23f96687e26b251862e83be9dbb89532f4a578689547972d
SHA512cc5059e478e5f469fde39e4119ee75eed7066f2a2069590cb5046e478b812f87ab1fc21dcfe44c965061fa4f9f83d6a14accf0c0e9b2406ae51504d06a3f6480
-
Filesize
798B
MD511b9bba4a36980181874c632d0c242da
SHA173142e7cd2c15a065a59608ba71513f99a99ded1
SHA2564f341314e18707bb780b242105967499644feca5463afe4a6c5eabcbd0d636cd
SHA5124b6a6811434c45dd8ce59674d3dd9cbd6d30054558270a89c8365edf6784802c87dcd0bf022df2a832d9325c3f5574cff5528f3f73bd45b7207da777a1b0dd06