Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 09/11/2024, 20:57
Static task: static1
Behavioral task: behavioral1
  Sample: 2f630adb1a46ba087834343a7539856910f986ca35c2f717691b1f0142c58117.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 2f630adb1a46ba087834343a7539856910f986ca35c2f717691b1f0142c58117.exe
  Resource: win10v2004-20241007-en
General
Target: 2f630adb1a46ba087834343a7539856910f986ca35c2f717691b1f0142c58117.exe
Size: 619KB
MD5: df9223ad9ab9d96a33f9bae395d60fe9
SHA1: 701c313f84dcb2dc99486d901d30fecc8eb8b485
SHA256: 2f630adb1a46ba087834343a7539856910f986ca35c2f717691b1f0142c58117
SHA512: 17b102052b34b06224ad3d0a29b0c123650908d856e28f3ca979fcc34ffbeb24aa8b2a6fb6fd1a05d68b72db8c4e767ab80972717cc174bf3db1d1030243297e
SSDEEP: 12288:coD30A+PVQ5zCD4VZRDGWF1m3aYhOA6eXVg:37+PVQ5zY431CaYAeXVg
Malware Config
Signatures
Deletes itself (1 IoC)
  PID 2476, process 2f630adb1a46ba087834343a7539856910f986ca35c2f717691b1f0142c58117.exe
Executes dropped EXE (1 IoC)
  PID 2476, process 2f630adb1a46ba087834343a7539856910f986ca35c2f717691b1f0142c58117.exe
Loads dropped DLL (1 IoC)
  PID 2132, process 2f630adb1a46ba087834343a7539856910f986ca35c2f717691b1f0142c58117.exe
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language, process 2f630adb1a46ba087834343a7539856910f986ca35c2f717691b1f0142c58117.exe
Suspicious behavior: RenamesItself (1 IoC)
  PID 2132, process 2f630adb1a46ba087834343a7539856910f986ca35c2f717691b1f0142c58117.exe
Suspicious use of UnmapMainImage (1 IoC)
  PID 2476, process 2f630adb1a46ba087834343a7539856910f986ca35c2f717691b1f0142c58117.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2132 wrote to memory of 2476; process 2f630adb1a46ba087834343a7539856910f986ca35c2f717691b1f0142c58117.exe, procid_target 31 (the same entry is recorded four times)
Processes
1. C:\Users\Admin\AppData\Local\Temp\2f630adb1a46ba087834343a7539856910f986ca35c2f717691b1f0142c58117.exe (PID 2132)
   Command line: "C:\Users\Admin\AppData\Local\Temp\2f630adb1a46ba087834343a7539856910f986ca35c2f717691b1f0142c58117.exe"
   - Loads dropped DLL
   - System Location Discovery: System Language Discovery
   - Suspicious behavior: RenamesItself
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\2f630adb1a46ba087834343a7539856910f986ca35c2f717691b1f0142c58117.exe (PID 2476)
      Command line: C:\Users\Admin\AppData\Local\Temp\2f630adb1a46ba087834343a7539856910f986ca35c2f717691b1f0142c58117.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Temp\2f630adb1a46ba087834343a7539856910f986ca35c2f717691b1f0142c58117.exe
  Filesize: 619KB
  MD5: ff60563cfb05887ea20ddbdb61521a89
  SHA1: d90e3ca11c540ed7d7c2a5620d3294729a4f0942
  SHA256: 09b1701ef9e163324e8690a8fc1a184039599df3d218cd3d83a9ff9942f38d64
  SHA512: c7e46063de41381c30ad9954679d86a68272a12e9d8eb0bd788dbea9e03d95191c2de1027bf14e85edc2e158d76eae26f39da2b74ea756aeaec145123fd85824