Analysis

  • max time kernel
    359s
  • max time network
    360s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-11-2024 11:10

General

  • Target

    карточка предприятия.scr

  • Size

    185KB

  • MD5

    f1b11de8044720671240999846fe5e69

  • SHA1

    03ae6c1090cd6392365fe9d4cfc061bb626688ad

  • SHA256

    37f6ccf41a6f66008651c0d272090da64b3b28f6970a9404cb5ecf886ea776b1

  • SHA512

    8c4bd6b406a1e2edf3f6bb9bb6b3debae4b6b312e474b4a9bedb93b097a45d193a4a3d6a0119e2ade467ced262ef9941e4c578720d227b9be58a8cdb44074894

  • SSDEEP

    3072:R/JLIuc9pgKqUsZ+tKbewtr2ab+/MThp5rTTiLIQ1mKCRhgvpIXljSQ1ZdBc:R/JFutWDWabJ1PrTeLD1FyhgvpIXlV1P

Score
5/10

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\карточка предприятия.scr
    "C:\Users\Admin\AppData\Local\Temp\карточка предприятия.scr" /S
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1036
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 100
      2⤵
      • Program crash
      PID:2684

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1036-0-0x0000000000D40000-0x0000000000DF4000-memory.dmp

    Filesize

    720KB

  • memory/1036-1-0x0000000000D40000-0x0000000000DF4000-memory.dmp

    Filesize

    720KB