Analysis

  • max time kernel
    93s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/11/2024, 12:06

General

  • Target

    acddc4e0d2487f1325cc97fbc64d73b29f1c1cd95aa10552c3a73e119caab9d1.exe

  • Size

    271KB

  • MD5

    a0b8255b91009a2aa6ee4d5a16d62a6f

  • SHA1

    01b14c3e4588b3e1718a9ded5318d8f08b0761ba

  • SHA256

    acddc4e0d2487f1325cc97fbc64d73b29f1c1cd95aa10552c3a73e119caab9d1

  • SHA512

    7748d416250e15e65f2b26856fde2c6989c87cb462d1d74a1486dbe18514a1dd78e67b109b6a66a743d2dca56e63902f39799c90066a0cbb0684fbdc0cada049

  • SSDEEP

    6144:eFpiTSfDhpOQAYg718kVFRCHplF6UTSbGqJ7:RTSfDh7AL18UwJbhTSL

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

Processes

  • C:\Users\Admin\AppData\Local\Temp\acddc4e0d2487f1325cc97fbc64d73b29f1c1cd95aa10552c3a73e119caab9d1.exe
    "C:\Users\Admin\AppData\Local\Temp\acddc4e0d2487f1325cc97fbc64d73b29f1c1cd95aa10552c3a73e119caab9d1.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1996
  • C:\PROGRA~3\Mozilla\oevgipl.exe
    C:\PROGRA~3\Mozilla\oevgipl.exe -gsmgbug
    1⤵
    • Executes dropped EXE
    • System Location Discovery: System Language Discovery
    PID:4836
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 448
      2⤵
      • Program crash
      PID:4300
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4836 -ip 4836
    1⤵
    PID:1492

Network

Downloads

  • C:\ProgramData\Mozilla\oevgipl.exe

    Filesize

    271KB

    MD5

    df148051cb05cf68d1b0395dc4c6c3dd

    SHA1

    d20f2b56d550c127fa337008549c7e07eff9259d

    SHA256

    b65337731757447ad1390aec9c9480b00c0d9a59d5e74502bea59b825b84381e

    SHA512

    228a66f5dcbcf7dd55f8151cb04be486a2a17fee8f93eefeea2a2f0eaf0016dcafbcc961c7d9297ce4b9ef7c430322240ba489c6a13004322f358bd9938c17cb

  • memory/1996-0-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

  • memory/1996-1-0x00000000021D0000-0x000000000222C000-memory.dmp

    Filesize

    368KB

  • memory/1996-2-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

  • memory/1996-8-0x00000000021D0000-0x000000000222C000-memory.dmp

    Filesize

    368KB

  • memory/1996-6-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

  • memory/4836-9-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB
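Turning the report into hunt logic, as an added example that is not part of the Triage report or the sample itself. Two details of the report drive the design: the copy dropped to C:\ProgramData\Mozilla has the same 271KB size as the submitted sample but different hashes, so matching only on the submitted sample's hashes misses the persisted copy, and both WerFault.exe invocations carry `-p 4836`, the PID of the dropped EXE, which is how the "Program crash" signature ties back to it. Assumptions (marked in comments): the 8.3 short name PROGRA~3 resolves to C:\ProgramData on the sandbox host (the Downloads section lists the same file under the long path); the file name and switch (oevgipl.exe -gsmgbug) are randomised, so the regexes accept 5 to 10 lowercase letters rather than those literal strings; the process events are constructed from the page's process tree in a Sysmon-like dict shape.

```python
"""Hunt logic built from the IoCs in the report above.

Added example: not part of the Triage report or the sample's code. Assumptions
are marked in comments. SAMPLE_EVENTS is constructed from the page's process
tree; real input would be Sysmon Event ID 1 or Security 4688 records.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Hashes copied from the report: the submitted sample and the dropped copy.
# They differ although both files are 271KB, so a hash-only hunt that knows
# just the submitted sample will miss the copy written to ProgramData.
IOC_SHA256 = {
    "acddc4e0d2487f1325cc97fbc64d73b29f1c1cd95aa10552c3a73e119caab9d1",  # submitted
    "b65337731757447ad1390aec9c9480b00c0d9a59d5e74502bea59b825b84381e",  # oevgipl.exe
}
IOC_MD5 = {"a0b8255b91009a2aa6ee4d5a16d62a6f", "df148051cb05cf68d1b0395dc4c6c3dd"}

# Assumption: on the sandbox host the 8.3 short name PROGRA~3 resolved to
# C:\ProgramData (the Downloads section lists the dropped file there). Short
# names are assigned per volume, so confirm the mapping on any other host
# (cmd /c dir /x C:\) before relying on it.
SHORT_NAMES = {"C:\\PROGRA~3": "C:\\ProgramData"}

# Assumption: the 7-letter name and switch seen once in the report
# (oevgipl.exe -gsmgbug) are randomised; 5-10 letters is a guessed envelope.
DROP_PATH_RE = re.compile(r"^C:\\ProgramData\\Mozilla\\[a-z]{5,10}\.exe$", re.I)
SWITCH_RE = re.compile(r"^-[a-z]{5,10}$", re.I)

# Constructed from the process tree on the page (cmdlines copied verbatim).
SAMPLE_EVENTS = [
    {"pid": 1996,
     "image": r"C:\Users\Admin\AppData\Local\Temp\acddc4e0d2487f1325cc97fbc64d73b29f1c1cd95aa10552c3a73e119caab9d1.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\acddc4e0d2487f1325cc97fbc64d73b29f1c1cd95aa10552c3a73e119caab9d1.exe"'},
    {"pid": 4836, "image": r"C:\PROGRA~3\Mozilla\oevgipl.exe",
     "cmdline": r"C:\PROGRA~3\Mozilla\oevgipl.exe -gsmgbug"},
    {"pid": 4300, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 448"},
    {"pid": 1492, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4836 -ip 4836"},
]


def normalize_path(path: str) -> str:
    """Expand known 8.3 prefixes so short and long spellings compare equal."""
    for short, long in SHORT_NAMES.items():
        if path.upper().startswith(short.upper()):
            return long + path[len(short):]
    return path


def hunt_process_events(events):
    """Flag the execution pattern from the report's process tree.

    Returns tuples in event order:
      ("dropped_exe_exec", pid, image): EXE under the ProgramData Mozilla
          folder run with exactly one random-looking switch
      ("crash_of_flagged", pid, werfault_pid): WerFault.exe handling a crash
          (-p <pid>) of a process flagged above
    """
    findings, flagged = [], set()
    for ev in events:
        image = normalize_path(ev["image"])
        args = ev["cmdline"].split()[1:]  # assumption: no spaces in the image path
        if DROP_PATH_RE.match(image) and len(args) == 1 and SWITCH_RE.match(args[0]):
            flagged.add(ev["pid"])
            findings.append(("dropped_exe_exec", ev["pid"], image))
    for ev in events:
        if not ev["image"].lower().endswith("\\werfault.exe"):
            continue
        args = ev["cmdline"].split()
        for i, a in enumerate(args[:-1]):
            if a == "-p" and args[i + 1].isdigit() and int(args[i + 1]) in flagged:
                findings.append(("crash_of_flagged", int(args[i + 1]), ev["pid"]))
    return findings


def hash_file(path):
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def hunt_files(root):
    """Walk a directory mirroring the C: drive (a mounted image, or C: itself
    on a live host); report files matching the report's hashes or drop path."""
    root, findings = Path(root), []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        win_path = "C:\\" + str(p.relative_to(root)).replace("/", "\\")
        md5, sha256 = hash_file(p)
        if sha256 in IOC_SHA256 or md5 in IOC_MD5:
            findings.append(("hash_match", win_path, sha256))
        elif DROP_PATH_RE.match(win_path):
            findings.append(("drop_path_match", win_path, sha256))
    return findings


def demo_file_hunt():
    """Constructed demo tree: a random-named EXE in the drop folder with made-up
    contents, so it is caught by the path rule rather than by hash."""
    with tempfile.TemporaryDirectory() as root:
        drop = Path(root, "ProgramData", "Mozilla")
        drop.mkdir(parents=True)
        (drop / "qlwbtkx.exe").write_bytes(b"constructed placeholder, not the real dropper")
        Path(root, "ProgramData", "notes.txt").write_bytes(b"benign")
        return hunt_files(root)


if __name__ == "__main__":
    for finding in hunt_process_events(SAMPLE_EVENTS) + demo_file_hunt():
        print(*finding)
```

The path rule is the weaker of the two and will also flag any legitimately named binary that happens to sit in a ProgramData\Mozilla folder, so treat a `drop_path_match` as a lead to hash and submit, not as a verdict; a `hash_match` against either listed SHA256 is conclusive for this sample.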