Analysis

  • max time kernel
    15s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/11/2024, 21:17

General

  • Target

    c4b3fbd6c43b34d3818b28c5df707adb20dcf40870e92d816bad9c632eb828c2N.exe

  • Size

    90KB

  • MD5

    5f9cb0091d31abea73bb6d919418f090

  • SHA1

    0e27682c0240be2f29a5ffea62c8c64ee30dd32c

  • SHA256

    c4b3fbd6c43b34d3818b28c5df707adb20dcf40870e92d816bad9c632eb828c2

  • SHA512

    5db9797e78bbecb0bad6c95d4ff7faf63ce3759d59b080f8341f64dd451353fd9187afd0efb025776aabfe728a644cb7b6d51a2b98345f8b915c03e247181641

  • SSDEEP

    1536:fbO5Z3CDT1OFXcahvBVxoqleuhw7+Ub3Kmb1Qz9r0I+MtyGu1eX85Xm/pFK1fdD+:6bS/1OHpVxoqeSw7+Uj1IF+LG9X8sKrS

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c4b3fbd6c43b34d3818b28c5df707adb20dcf40870e92d816bad9c632eb828c2N.exe
    "C:\Users\Admin\AppData\Local\Temp\c4b3fbd6c43b34d3818b28c5df707adb20dcf40870e92d816bad9c632eb828c2N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Users\Admin\AppData\Local\Temp\c4b3fbd6c43b34d3818b28c5df707adb20dcf40870e92d816bad9c632eb828c2N.exe
      C:\Users\Admin\AppData\Local\Temp\c4b3fbd6c43b34d3818b28c5df707adb20dcf40870e92d816bad9c632eb828c2N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1928

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\c4b3fbd6c43b34d3818b28c5df707adb20dcf40870e92d816bad9c632eb828c2N.exe

    Filesize

    90KB

    MD5

    e4c89dc028b820d4a44cb70d69d1e582

    SHA1

    7de95dd2cc625b980aa0fb5c8d19a21b02910c2b

    SHA256

    56eae82ae149ed712dcf7bbea1136013a7f892fff740712d75cb9231fdba881c

    SHA512

    9f213c577d2f948424eabf78558ff1382643ffe7f1e154af4e478c551014c59492abb51e9ac9d576e1baee430108c2060e68fb793947a5f88a202586f0b5fd57

  • memory/1928-24-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/1928-18-0x0000000000140000-0x0000000000173000-memory.dmp

    Filesize

    204KB

  • memory/1928-29-0x00000000001B0000-0x00000000001CB000-memory.dmp

    Filesize

    108KB

  • memory/1928-30-0x0000000000400000-0x0000000000433000-memory.dmp

    Filesize

    204KB

  • memory/2204-0-0x0000000000400000-0x0000000000433000-memory.dmp

    Filesize

    204KB

  • memory/2204-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2204-9-0x0000000000140000-0x0000000000173000-memory.dmp

    Filesize

    204KB

  • memory/2204-12-0x0000000000230000-0x0000000000263000-memory.dmp

    Filesize

    204KB

  • memory/2204-17-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB