Analysis
-
max time kernel: 102s
max time network: 127s
platform: windows7_x64
resource: win7-20241010-en
resource tags: arch:x64 arch:x86 image:win7-20241010-en locale:en-us os:windows7-x64 system
submitted: 09/11/2024, 21:33
Static task
static1
Behavioral task
behavioral1
Sample
3aa4f63506bb210fafcdbca716117e74f29e9f50201a0b36930637b2dc4b11d3.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
3aa4f63506bb210fafcdbca716117e74f29e9f50201a0b36930637b2dc4b11d3.exe
Resource
win10v2004-20241007-en
General
-
Target
3aa4f63506bb210fafcdbca716117e74f29e9f50201a0b36930637b2dc4b11d3.exe
-
Size
3.3MB
-
MD5
e30491cfc158b8e5e38c8f263ebea0fd
-
SHA1
9bd81de3c149d5f29e7d1fdb8b0297315f41969b
-
SHA256
3aa4f63506bb210fafcdbca716117e74f29e9f50201a0b36930637b2dc4b11d3
-
SHA512
6cd13c502f8d0e24c581b9a95d3ae0448652a3d7392492f4e4c9c4859f257d807ad3c9f39ed30eaaf1afe0b11cd45a91d503dcc74743f14af933507b54b91bc5
-
SSDEEP
49152:wOCLC6TYEPgFv2y6GuquTVRghpbw9JHF9T4p8QBZNdV4Mx+6OK61a+r5u8Qe:bCLCmYEoYy6Guxohp85+pTNy6767K
Malware Config
Signatures
-
Downloads MZ/PE file
-
Loads dropped DLL 2 IoCs
pid: 2124, Process: 3aa4f63506bb210fafcdbca716117e74f29e9f50201a0b36930637b2dc4b11d3.exe
pid: 2124, Process: 3aa4f63506bb210fafcdbca716117e74f29e9f50201a0b36930637b2dc4b11d3.exe
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; Process: 3aa4f63506bb210fafcdbca716117e74f29e9f50201a0b36930637b2dc4b11d3.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid: 2124, Process: 3aa4f63506bb210fafcdbca716117e74f29e9f50201a0b36930637b2dc4b11d3.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid: 2124, Process: 3aa4f63506bb210fafcdbca716117e74f29e9f50201a0b36930637b2dc4b11d3.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\3aa4f63506bb210fafcdbca716117e74f29e9f50201a0b36930637b2dc4b11d3.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\3aa4f63506bb210fafcdbca716117e74f29e9f50201a0b36930637b2dc4b11d3.exe"
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2124
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
10KB
MD5 95eae3ad22b6a092b6fb457a746a258f
SHA1 394c19c95117576ffba452ad6ecd312b8ab120a4
SHA256 487fe4d7373a502be9cadbbccf98349f0988977ff4acd1a57875f652c9f780d8
SHA512 8b07f8c4fdbece8c99374e484f025ba86c93667ab9451b4ec7989df635f51e42abc987d69e9edf1fc94bbab9e9e4dca79b569a6f55cbd99a745075280a9246b6
-
Filesize
38B
MD5 d3f9941c5c6dcfe090981e398c2dbd58
SHA1 e89441fe7a7e37944456a914d933653674d2df87
SHA256 77f592c034dfabd5e9684f983e686791e1cc8b72edc5efe8ce81020a31052670
SHA512 8c97f6a060ea717e8619c9b11eaa374e8143a2db7744c0a1de25cc70018a5e7284cdfe7b2089cb3ec1a0f04a2c1c5ad348021de9528a82b11d3aa8c0d0be8d0d