Analysis
max time kernel: 140s
max time network: 124s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 09/11/2024, 21:00
Static task: static1
Behavioral task: behavioral1
  Sample: bc905b4dc25d943d24e1dedb50acf76cbf2ebc6ee145b323350a1df523821127.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: bc905b4dc25d943d24e1dedb50acf76cbf2ebc6ee145b323350a1df523821127.exe
  Resource: win10v2004-20241007-en
General
Target: bc905b4dc25d943d24e1dedb50acf76cbf2ebc6ee145b323350a1df523821127.exe
Size: 663KB
MD5: 0877b96324534fba77dbda04e0ea1a1f
SHA1: ac77a4b7f3eabc59bb639984bd95ae3c12a08c93
SHA256: bc905b4dc25d943d24e1dedb50acf76cbf2ebc6ee145b323350a1df523821127
SHA512: f7a2be4df4fc3c848b476c7ec92747b15f4f44ea1b01feb56e69df714ab6951c0a5284e77d7df5a3a1b319937d29843679b8598281e1e3dd1c59076eb4ead41b
SSDEEP: 12288:sHyHnziPtWmrtLxOWiQ3dj4PrgM2Z1Bvyu/Xe2fqwV/GZr5JYZmCbzqrtIGC:0CnziLtLx5/ds72/yu/zBV/GZr56bzq
Malware Config
Signatures
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
  flow  ioc
  2     iplogger.org
  3     iplogger.org
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description  ioc                                                          Process
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  bc905b4dc25d943d24e1dedb50acf76cbf2ebc6ee145b323350a1df523821127.exe
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description        ioc                                                                               Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                  bc905b4dc25d943d24e1dedb50acf76cbf2ebc6ee145b323350a1df523821127.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  bc905b4dc25d943d24e1dedb50acf76cbf2ebc6ee145b323350a1df523821127.exe
Processes
C:\Users\Admin\AppData\Local\Temp\bc905b4dc25d943d24e1dedb50acf76cbf2ebc6ee145b323350a1df523821127.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\bc905b4dc25d943d24e1dedb50acf76cbf2ebc6ee145b323350a1df523821127.exe"
  PID: 3020
  Signatures:
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry