Analysis

max time kernel: 91s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/11/2024, 12:29
Static task: static1

Behavioral task: behavioral1
Sample: c0ffc0537b08f2b8e752a75e940c3a004021cb7d18b0511014b28a98273a09a1.exe
Resource: win7-20241023-en

Behavioral task: behavioral2
Sample: c0ffc0537b08f2b8e752a75e940c3a004021cb7d18b0511014b28a98273a09a1.exe
Resource: win10v2004-20241007-en
General

Target: c0ffc0537b08f2b8e752a75e940c3a004021cb7d18b0511014b28a98273a09a1.exe
Size: 229KB
MD5: 70eacd9f022d3229dd2ce201fc6c7391
SHA1: 7a5846082eb2404ca64cfeea5ebb2ed9a062d8fe
SHA256: c0ffc0537b08f2b8e752a75e940c3a004021cb7d18b0511014b28a98273a09a1
SHA512: f51e5e2d12eabb8e25f7e41d3f73d401e7384a6cde8d473f27116ac7858cada614664e7f20732cefdf71e6170b306b78a8e47e684db5e1c05888f9701122a5e6
SSDEEP: 3072:URtnaxdjv3SoCrKdKUUTNHY5Snf8TvHTxK3STrOdHa5S2jbxWGqJsS:dj8rKdKUUhHYE0T7ciXOdHa5SbGqJx
Malware Config
Signatures

Event Triggered Execution: AppInit DLLs (1 TTP)
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes. Note that this signature fires on behaviour matching the technique; the report lists no registry write to AppInit_DLLs, so confirm the value on any affected host before treating it as established persistence.

Executes dropped EXE (1 IoC)
PID   Process
2044  fchgaxm.exe

Drops file in Program Files directory (2 IoCs)
Description   IoC                                Process
File created  C:\PROGRA~3\Mozilla\fchgaxm.exe    c0ffc0537b08f2b8e752a75e940c3a004021cb7d18b0511014b28a98273a09a1.exe
File created  C:\PROGRA~3\Mozilla\jwkknvd.dll    fchgaxm.exe

System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Description   IoC                                                              Process
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language      c0ffc0537b08f2b8e752a75e940c3a004021cb7d18b0511014b28a98273a09a1.exe
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language      fchgaxm.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\c0ffc0537b08f2b8e752a75e940c3a004021cb7d18b0511014b28a98273a09a1.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\c0ffc0537b08f2b8e752a75e940c3a004021cb7d18b0511014b28a98273a09a1.exe"
   PID: 4804
   - Drops file in Program Files directory
   - System Location Discovery: System Language Discovery

2. C:\PROGRA~3\Mozilla\fchgaxm.exe
   Command line: C:\PROGRA~3\Mozilla\fchgaxm.exe -pjrnomj
   PID: 2044
   - Executes dropped EXE
   - Drops file in Program Files directory
   - System Location Discovery: System Language Discovery
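The report above gives three things a responder can check on a suspect host: the two files dropped under C:\PROGRA~3\Mozilla (the 8.3 short name that normally resolves to C:\ProgramData, which the script checks under both names rather than assuming), the running copy of fchgaxm.exe, and the AppInit DLLs signature, which the report raises without showing a registry write. The following hunting script is an added example, not part of the sandbox report or of any vendor tooling; the file names, hashes and paths come from the report, the AppInit_DLLs and LoadAppInit_DLLs value names and their keys are the documented Windows locations, and the output layout is an assumption.

```powershell
# Added hunting script (not from the report): look for the report's IoCs on a live host.
# Run in an elevated PowerShell session; read-only, makes no changes.

# SHA256 values from the report: the submitted sample and the 229KB file listed under Downloads.
$iocHashes = @{
    'c0ffc0537b08f2b8e752a75e940c3a004021cb7d18b0511014b28a98273a09a1' = 'submitted sample'
    'c553abee7db1ee698c8b3d660e56dd88e107185060fe6423e16392b942b3206b' = '229KB file under Downloads'
}

# Drop directory as written in the report (8.3 name) plus the long name it
# normally resolves to; checking both is an assumption, not a report fact.
$dropDirs  = @('C:\PROGRA~3\Mozilla', (Join-Path $env:ProgramData 'Mozilla'))
$dropNames = @('fchgaxm.exe', 'jwkknvd.dll')

$findings = @()

# 1. Dropped files: report presence and whether the hash matches a known one.
foreach ($dir in $dropDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($name in $dropNames) {
        $p = Join-Path $dir $name
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $h = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash.ToLower()
        $label = if ($iocHashes.ContainsKey($h)) { $iocHashes[$h] } else { 'hash not in report' }
        $findings += [pscustomobject]@{ Type = 'DroppedFile'; Where = $p; Detail = "$h ($label)" }
    }
}

# 2. AppInit DLLs: the signature only indicates the technique, so read the real values.
#    Both native and WOW64 views are checked; LoadAppInit_DLLs=1 is required for the value to take effect.
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($k in $appInitKeys) {
    if (-not (Test-Path $k)) { continue }
    $v = Get-ItemProperty -Path $k
    if ($v.AppInit_DLLs) {
        $findings += [pscustomobject]@{
            Type   = 'AppInit_DLLs'
            Where  = $k
            Detail = "$($v.AppInit_DLLs) (LoadAppInit_DLLs=$($v.LoadAppInit_DLLs))"
        }
    }
}

# 3. Running copy of the dropped executable (report shows it launched with "-pjrnomj").
Get-Process -Name 'fchgaxm' -ErrorAction SilentlyContinue | ForEach-Object {
    $findings += [pscustomobject]@{ Type = 'Process'; Where = $_.Path; Detail = "PID $($_.Id)" }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    'No IoCs from the report were found on this host.'
}
```

A hit on the dropped-file check with "hash not in report" is still worth triaging: the sandbox shows fchgaxm.exe writing jwkknvd.dll, and the report does not state that either dropped file is byte-identical to the submitted sample, so a different hash at that path does not clear the host.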
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 229KB
MD5: b144eeb8b8e371e94ff3dd855e79be71
SHA1: 5f02903de34db35201cde6631f0d2586b5118007
SHA256: c553abee7db1ee698c8b3d660e56dd88e107185060fe6423e16392b942b3206b
SHA512: 97ba3db0cf1e94450e1352b529e8c3be2335d0971ef92ca620f6f5e03a97dfe31b944e86c1e3c32b02125e4c0815fa70767266d72aeb0eb4a34e25faa63c3dfe