Analysis
-
max time kernel
135s -
max time network
137s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
11/11/2024, 10:56
General
-
Target
Piraeus Payment 11.11.2024.exe
-
Size
77.0MB
-
MD5
6ec59574b2c103bebf0e1eb8581a7e72
-
SHA1
3e535f051221d7224ba3dc3ed82348b3878229cc
-
SHA256
1156bb4a48995534cffe5910ea49b3bd5b5b50d60721adbfc191af0cce5f1ce6
-
SHA512
4a414429d2b3d785b2fee33e12e6fc9734cf8898a8de2eb838007885759465d4bf25569547c2769eadb07f223a81bd5decc07ff2ee5511d419d2343f6bea2001
-
SSDEEP
24576:65EmXFtKaL4/oFe5T9yyXYfP1ijXdaK9blP/4FmqIMCsFEAaJpSZ:6PVt/LZeJbInQRaK9xP/4VCZp
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Piraeus Payment 11.11.2024.exe"C:\Users\Admin\AppData\Local\Temp\Piraeus Payment 11.11.2024.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svchost.exe"C:\Users\Admin\AppData\Local\Temp\Piraeus Payment 11.11.2024.exe"2⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 6922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3004 -ip 30041⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4.0MB