Analysis

  • max time kernel
    94s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/11/2024, 21:17

General

  • Target

    c4b3fbd6c43b34d3818b28c5df707adb20dcf40870e92d816bad9c632eb828c2N.exe

  • Size

    90KB

  • MD5

    5f9cb0091d31abea73bb6d919418f090

  • SHA1

    0e27682c0240be2f29a5ffea62c8c64ee30dd32c

  • SHA256

    c4b3fbd6c43b34d3818b28c5df707adb20dcf40870e92d816bad9c632eb828c2

  • SHA512

    5db9797e78bbecb0bad6c95d4ff7faf63ce3759d59b080f8341f64dd451353fd9187afd0efb025776aabfe728a644cb7b6d51a2b98345f8b915c03e247181641

  • SSDEEP

    1536:fbO5Z3CDT1OFXcahvBVxoqleuhw7+Ub3Kmb1Qz9r0I+MtyGu1eX85Xm/pFK1fdD+:6bS/1OHpVxoqeSw7+Uj1IF+LG9X8sKrS

Score
7/10

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c4b3fbd6c43b34d3818b28c5df707adb20dcf40870e92d816bad9c632eb828c2N.exe
    "C:\Users\Admin\AppData\Local\Temp\c4b3fbd6c43b34d3818b28c5df707adb20dcf40870e92d816bad9c632eb828c2N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4784
    • C:\Users\Admin\AppData\Local\Temp\c4b3fbd6c43b34d3818b28c5df707adb20dcf40870e92d816bad9c632eb828c2N.exe
      C:\Users\Admin\AppData\Local\Temp\c4b3fbd6c43b34d3818b28c5df707adb20dcf40870e92d816bad9c632eb828c2N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:628

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\c4b3fbd6c43b34d3818b28c5df707adb20dcf40870e92d816bad9c632eb828c2N.exe

    Filesize

    90KB

    MD5

    363bc524dc7faeb181c78f09478d8d06

    SHA1

    2f616a00bc82f3f23782ea09c7f24e15e51becac

    SHA256

    1cce528acd7133fc3c8b9c10e66d66bad2a7b2a3179b6e51d6abad5e3f82ea75

    SHA512

    e741ca7756e5cf0b1ea1285edaaf074f74caf42bc25bdb15fe8b2fbdb88493bf913911fc7bd5810e0e966b7397c0a3a5850ec3bdc5c6848a6fc8ce08c7d158e5

  • memory/628-13-0x0000000000400000-0x0000000000433000-memory.dmp

    Filesize

    204KB

  • memory/628-14-0x00000000001B0000-0x00000000001E3000-memory.dmp

    Filesize

    204KB

  • memory/628-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/628-25-0x00000000014F0000-0x000000000150B000-memory.dmp

    Filesize

    108KB

  • memory/628-26-0x0000000000400000-0x0000000000433000-memory.dmp

    Filesize

    204KB

  • memory/4784-0-0x0000000000400000-0x0000000000433000-memory.dmp

    Filesize

    204KB

  • memory/4784-1-0x0000000001440000-0x0000000001473000-memory.dmp

    Filesize

    204KB

  • memory/4784-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/4784-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB