Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/11/2024, 21:33

General

  • Target

    931ad7d69e2f29b352a13432b450c7fe7411e487693adb6151d2aa3b95f0aa6f.exe

  • Size

    1.1MB

  • MD5

    a342c7ffae84f6d3246133fc9be6b9ad

  • SHA1

    484a5eccca8f24a1aa5fc328e234bf141bb3e989

  • SHA256

    931ad7d69e2f29b352a13432b450c7fe7411e487693adb6151d2aa3b95f0aa6f

  • SHA512

    8da1cf5426e787c8db18b7a923b3374a091abe0485f6fa17ac37f4c8bfaca744a8bbf4ad6038c484d3efec98902ac0336de1972a0d972f4892fdfd35636b1dfd

  • SSDEEP

    24576:aH0dl8myX9Bg42QoXFkrzkmplSgRDYo0lG4Z8r7Qfbkiu5QK:acallSllG4ZM7QzMp

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\931ad7d69e2f29b352a13432b450c7fe7411e487693adb6151d2aa3b95f0aa6f.exe
    "C:\Users\Admin\AppData\Local\Temp\931ad7d69e2f29b352a13432b450c7fe7411e487693adb6151d2aa3b95f0aa6f.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2128
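The process tree above is the most actionable part of this report: an executable running from AppData\Local\Temp spawns WScript.exe with a script it dropped into AppData\Roaming\Microsoft. Note also that the child's image path is C:\Windows\SysWOW64\WScript.exe while its command line names System32; that is WOW64 file system redirection, so the parent is a 32-bit process (consistent with the arch:x86 tag). The following detection logic is an added example, not part of the sandbox report or of the sample. The event records are constructed to mirror the tree shown here in a Sysmon Event ID 1 style; the field names (pid, ppid, image, cmdline) and the benign explorer.exe / Program Files events are assumptions.

```python
"""Flag a dropper -> script-host chain in process-creation telemetry.

Added example, not part of the sandbox report. Event layout is a constructed,
Sysmon-Event-ID-1-like dict; field names are assumptions.
"""
import ntpath
import re
from dataclasses import dataclass, field

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf"}
# User-writable locations the trace shows both the dropper and the dropped script in.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\(local\\temp|roaming)\\", re.I)


def tokens(cmdline: str) -> list[str]:
    """Split a Windows command line into arguments, honouring double quotes."""
    return [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline)]


def script_args(cmdline: str) -> list[str]:
    """Arguments (after argv[0]) whose extension is a Windows Script Host script."""
    return [t for t in tokens(cmdline)[1:]
            if ntpath.splitext(t)[1].lower() in SCRIPT_EXTS]


def wow64_redirected(event: dict) -> bool:
    """True when the command line names System32 but the image loaded from SysWOW64:
    a 32-bit parent's path was silently redirected by WOW64 file system redirection."""
    toks = tokens(event["cmdline"])
    first = toks[0].lower() if toks else ""
    return "\\syswow64\\" in event["image"].lower() and "\\system32\\" in first


@dataclass
class Finding:
    pid: int
    parent_pid: int
    script: str
    reasons: list[str] = field(default_factory=list)


def find_script_host_chains(events: list[dict]) -> list[Finding]:
    """Return one Finding per script-host launch that shows at least one risk signal."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if ntpath.basename(e["image"]).lower() not in SCRIPT_HOSTS:
            continue
        for script in script_args(e["cmdline"]):
            reasons = []
            if USER_WRITABLE.match(script):
                reasons.append("script in user-writable AppData path")
            parent = by_pid.get(e["ppid"])
            if parent and USER_WRITABLE.match(parent["image"]):
                reasons.append("parent executable itself runs from AppData")
            if wow64_redirected(e):
                reasons.append("32-bit parent (WOW64 redirection of System32)")
            if reasons:
                findings.append(Finding(e["pid"], e["ppid"], script, reasons))
    return findings


# Constructed events mirroring the report's process tree (explorer.exe and the
# Program Files launch are assumed benign context, not from the report).
DROPPER = (r"C:\Users\Admin\AppData\Local\Temp"
           r"\931ad7d69e2f29b352a13432b450c7fe7411e487693adb6151d2aa3b95f0aa6f.exe")
EVENTS = [
    {"pid": 1400, "ppid": 800, "image": r"C:\Windows\explorer.exe",
     "cmdline": r"C:\Windows\explorer.exe"},
    {"pid": 2676, "ppid": 1400, "image": DROPPER, "cmdline": f'"{DROPPER}"'},
    {"pid": 2128, "ppid": 2676, "image": r"C:\Windows\SysWOW64\WScript.exe",
     "cmdline": r'"C:\Windows\System32\WScript.exe" '
                r'"C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"'},
    {"pid": 3001, "ppid": 1400, "image": r"C:\Windows\System32\WScript.exe",
     "cmdline": r'"C:\Windows\System32\WScript.exe" "C:\Program Files\Vendor\maint.vbs"'},
]

if __name__ == "__main__":
    for f in find_script_host_chains(EVENTS):
        print(f"pid {f.pid} (parent {f.parent_pid}) ran {f.script}: {'; '.join(f.reasons)}")
```

Only the chain from the report is flagged; the constructed launch of a script from Program Files by explorer.exe produces no finding, because neither the script nor the parent lives under AppData and no WOW64 redirection is visible. The WOW64 check is a useful corroborating signal rather than a detection on its own, since any legitimate 32-bit process launching WScript.exe shows the same mismatch.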

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs

    Filesize

    753B

    MD5

    6a91da6fadce814a8e96b41aa5a627c2

    SHA1

    1e18b7c5ba70177097abe0c776ce32644e28da49

    SHA256

    3a3860ab1d3675d3b91dbb232b4eb3e182aeea4c2299fe315f2711dc0476ea86

    SHA512

    c9c94d6363238cbe8fd5422a928f46c2f2aa16b533767ceb1d955c5fc1c94c7abd0315ae0d00bc06d0aa8cf6c767b03ea41dd08fcc8352c4813cd88495fa7073

  • memory/2676-0-0x0000000000400000-0x000000000055F000-memory.dmp

    Filesize

    1.4MB

  • memory/2676-9-0x0000000000400000-0x000000000055F000-memory.dmp

    Filesize

    1.4MB