Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    10-11-2024 01:32

General

  • Target

    219811a79baedfc3b6ccd42ccab52e166721cb7e2c5d2b6311c4675ee257ad8fN.exe

  • Size

    750KB

  • MD5

    6e312f1611fa9f1acfe1bc9842893e30

  • SHA1

    3d4c0a12f51c40a5442dd1519b347805a26988f3

  • SHA256

    219811a79baedfc3b6ccd42ccab52e166721cb7e2c5d2b6311c4675ee257ad8f

  • SHA512

    84649cc00b62ccb372495c86806b646a9bf2bc6d8cee8a81a66a4cc49e329ad995277f116c49e1bb6b9d3ede6d10eeb3ddd81da9247661f6678ecfafb3f72291

  • SSDEEP

    12288:FaF39CnbpC+2EpDvKEdG11LOORYQgTeS+FBCILmXz7Iqkcw82QFsztr/:FGNCnbpCv0Dvlw1pRY3TeJ3CYmXBjwRz

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Gathers system information 1 TTPs 5 IoCs

    Runs systeminfo.exe.

  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\219811a79baedfc3b6ccd42ccab52e166721cb7e2c5d2b6311c4675ee257ad8fN.exe
    "C:\Users\Admin\AppData\Local\Temp\219811a79baedfc3b6ccd42ccab52e166721cb7e2c5d2b6311c4675ee257ad8fN.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Windows\SysWOW64\CMD.exe
      CMD /C SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && DEL "C:\Users\Admin\AppData\Local\Temp\219811a79baedfc3b6ccd42ccab52e166721cb7e2c5d2b6311c4675ee257ad8fN.exe"
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1924
      • C:\Windows\SysWOW64\systeminfo.exe
        SYSTEMINFO
        3⤵
        • System Location Discovery: System Language Discovery
        • Gathers system information
        PID:2368
      • C:\Windows\SysWOW64\systeminfo.exe
        SYSTEMINFO
        3⤵
        • System Location Discovery: System Language Discovery
        • Gathers system information
        PID:2828
      • C:\Windows\SysWOW64\systeminfo.exe
        SYSTEMINFO
        3⤵
        • System Location Discovery: System Language Discovery
        • Gathers system information
        PID:2792
      • C:\Windows\SysWOW64\systeminfo.exe
        SYSTEMINFO
        3⤵
        • System Location Discovery: System Language Discovery
        • Gathers system information
        PID:2208
      • C:\Windows\SysWOW64\systeminfo.exe
        SYSTEMINFO
        3⤵
        • System Location Discovery: System Language Discovery
        • Gathers system information
        PID:2620

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2168-0-0x0000000000400000-0x000000000058E000-memory.dmp

    Filesize

    1.6MB

  • memory/2168-1-0x0000000001DC0000-0x0000000001E43000-memory.dmp

    Filesize

    524KB

  • memory/2168-2-0x00000000001D0000-0x00000000001E7000-memory.dmp

    Filesize

    92KB

  • memory/2168-4-0x0000000002300000-0x00000000023E6000-memory.dmp

    Filesize

    920KB

  • memory/2168-5-0x00000000024E0000-0x00000000025CB000-memory.dmp

    Filesize

    940KB

  • memory/2168-7-0x0000000000400000-0x000000000058E000-memory.dmp

    Filesize

    1.6MB

  • memory/2168-8-0x00000000001D0000-0x00000000001E7000-memory.dmp

    Filesize

    92KB