Overview

overview

10

Static

static

10

Bin1799/Ca...ll.exe

windows7-x64

10

Bin1799/Ca...ll.exe

windows10-2004-x64

10

Bin1799/Client.exe

windows7-x64

5

Bin1799/Client.exe

windows10-2004-x64

5

Bin1799/Pl...u.html

windows7-x64

3

Bin1799/Pl...u.html

windows10-2004-x64

3

Bin1799/Pl...E.html

windows7-x64

3

Bin1799/Pl...E.html

windows10-2004-x64

3

Bin1799/Pl...e.html

windows7-x64

3

Bin1799/Pl...e.html

windows10-2004-x64

3

Bin1799/Pl...E.html

windows7-x64

3

Bin1799/Pl...E.html

windows10-2004-x64

3

Bin1799/Pl...32.exe

windows7-x64

3

Bin1799/Pl...32.exe

windows10-2004-x64

3

Bin1799/Pl...64.exe

windows7-x64

1

Bin1799/Pl...64.exe

windows10-2004-x64

1

Bin1799/Pl...te.exe

windows7-x64

3

Bin1799/Pl...te.exe

windows10-2004-x64

3

Bin1799/Pl...ck.exe

windows7-x64

5

Bin1799/Pl...ck.exe

windows10-2004-x64

5

Bin1799/Pl...de.bat

windows7-x64

10

Bin1799/Pl...de.bat

windows10-2004-x64

10

Bin1799/Pl...de.exe

windows7-x64

1

Bin1799/Pl...de.exe

windows10-2004-x64

3

Bin1799/Pl...eo.dll

windows7-x64

1

Bin1799/Pl...eo.dll

windows10-2004-x64

1

Bin1799/Pl...ax.dll

windows7-x64

3

Bin1799/Pl...ax.dll

windows10-2004-x64

3

Bin1799/Pl..._t.dll

windows7-x64

3

Bin1799/Pl..._t.dll

windows10-2004-x64

3

Bin1799/SkinH.dll

windows7-x64

5

Bin1799/SkinH.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    18-11-2024 09:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Bin1799/Plugins/termsrv_t.dll

  • Size

    210KB

  • MD5

    a77219a971029dc2fb683e8513713803

  • SHA1

    1c456520a7b7faf71900c71167038185f5a7d312

  • SHA256

    1eba9a909641e64e935090956b03182335d298cad78052cef3b3f75691eb3f50

  • SHA512

    06c8a1ce76f1600e2c791f9e634f9559c82948d0f7cc93648981476191e4c9f36cb5ee4148ee1fe94960e7275fc9d61550cab6ea0a43e783a0b7819764fd6215

  • SSDEEP

    3072:PtNuBp/YIDqobOlqVLBBjAg79G1T65ZF8p5LGvPEDRRQLUMPZU2GdH8CN9uiecd:PtNuBSID4AVdVAWF8p5L2ECPZzCN1

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Bin1799\Plugins\termsrv_t.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Bin1799\Plugins\termsrv_t.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2120

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2120-0-0x00000000001F0000-0x000000000022F000-memory.dmp

    Filesize

    252KB

    Download