bd6f77ec6f654b65095a708d55dbd52c2edf718263953b4c2f3e09fb09ae5d05

Analysis

max time kernel
15s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 11:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd6f77ec6f654b65095a708d55dbd52c2edf718263953b4c2f3e09fb09ae5d05.exe
Size

37KB
MD5

34653defc5590ad8ab791193ac4a9dde
SHA1

b8c4575d9c41184c03224a9f23e458a5f0b28ea2
SHA256

bd6f77ec6f654b65095a708d55dbd52c2edf718263953b4c2f3e09fb09ae5d05
SHA512

37b6d91801b5fd11701946cac2411750cef92e33e71665ea26f0cfdd270aee6ca8d2e9db9fcd48258304fedaedf86a6d9bc219f49eac458fa155d0fe210cca2b
SSDEEP

384:MApc8m4e0ovQak4JI341CLHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHP:MApQr0ovdFJI34eGxusOy9RIr

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2916	sal.exe

Loads dropped DLL 2 IoCs

pid	Process
2988	bd6f77ec6f654b65095a708d55dbd52c2edf718263953b4c2f3e09fb09ae5d05.exe
2988	bd6f77ec6f654b65095a708d55dbd52c2edf718263953b4c2f3e09fb09ae5d05.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	\??\c:\windows\SysWOW64\sal.exe	bd6f77ec6f654b65095a708d55dbd52c2edf718263953b4c2f3e09fb09ae5d05.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bd6f77ec6f654b65095a708d55dbd52c2edf718263953b4c2f3e09fb09ae5d05.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sal.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2916	2988	bd6f77ec6f654b65095a708d55dbd52c2edf718263953b4c2f3e09fb09ae5d05.exe	30
PID 2988 wrote to memory of 2916	2988	bd6f77ec6f654b65095a708d55dbd52c2edf718263953b4c2f3e09fb09ae5d05.exe	30
PID 2988 wrote to memory of 2916	2988	bd6f77ec6f654b65095a708d55dbd52c2edf718263953b4c2f3e09fb09ae5d05.exe	30
PID 2988 wrote to memory of 2916	2988	bd6f77ec6f654b65095a708d55dbd52c2edf718263953b4c2f3e09fb09ae5d05.exe	30

C:\Users\Admin\AppData\Local\Temp\bd6f77ec6f654b65095a708d55dbd52c2edf718263953b4c2f3e09fb09ae5d05.exe
"C:\Users\Admin\AppData\Local\Temp\bd6f77ec6f654b65095a708d55dbd52c2edf718263953b4c2f3e09fb09ae5d05.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2988
- C:\windows\SysWOW64\sal.exe
  "C:\windows\system32\sal.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\sal.exe

Filesize
37KB

MD5
093ce1b1bf0922123114de2248567063

SHA1
7387122b4008174b698a88814a274fcd893cb772

SHA256
278c94352e1fd5cba298e09dff70a7cf36f98ce7a66521064c6174dd7d1c5f1c

SHA512
47df112461a286a5a49de3cc75c89c2372836aa23282a813aa5565ec4c54c64d54eda2e1044234fd43958bd56f5d32771c804ddebaebd176047711678e4f1791

Download Submit
memory/2916-11-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2916-13-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2988-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2988-10-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download