c82b4d8f4f5dcf00f8c71a80f21eb72fbec3b03199759dc3f91c1fbe1fbb3917

Analysis

max time kernel
144s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 16:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

serial_port_utility_539_3728.exe
Size

18.8MB
MD5

f459b6640ec80a755bcac460fe01fafb
SHA1

2c7ee244be17d5ffd6d4efd993cb63d9aef9f068
SHA256

c82b4d8f4f5dcf00f8c71a80f21eb72fbec3b03199759dc3f91c1fbe1fbb3917
SHA512

0b809162e33fd0b483c63280d38d904beddee69b339e616fcb816e71a4a930925589ab8130fd1a178563f9977bfd97f18971ecdf602becd087cd21cb91da9410
SSDEEP

393216:eGW2MS6di3MWEn5m1ALOyJUH19MBMky0SkyAyQwQATRILVj3ofgnA:J6dnWs56ALpU3Sq0zEQ4ehYt

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2508	serial_port_utility_539_3728.tmp

Loads dropped DLL 1 IoCs

pid	Process
2496	serial_port_utility_539_3728.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	serial_port_utility_539_3728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	serial_port_utility_539_3728.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2508	2496	serial_port_utility_539_3728.exe	30
PID 2496 wrote to memory of 2508	2496	serial_port_utility_539_3728.exe	30
PID 2496 wrote to memory of 2508	2496	serial_port_utility_539_3728.exe	30
PID 2496 wrote to memory of 2508	2496	serial_port_utility_539_3728.exe	30
PID 2496 wrote to memory of 2508	2496	serial_port_utility_539_3728.exe	30
PID 2496 wrote to memory of 2508	2496	serial_port_utility_539_3728.exe	30
PID 2496 wrote to memory of 2508	2496	serial_port_utility_539_3728.exe	30

C:\Users\Admin\AppData\Local\Temp\serial_port_utility_539_3728.exe
"C:\Users\Admin\AppData\Local\Temp\serial_port_utility_539_3728.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Users\Admin\AppData\Local\Temp\is-BMRNN.tmp\serial_port_utility_539_3728.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-BMRNN.tmp\serial_port_utility_539_3728.tmp" /SL5="$400F8,18698580,825344,C:\Users\Admin\AppData\Local\Temp\serial_port_utility_539_3728.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\is-BMRNN.tmp\serial_port_utility_539_3728.tmp

Filesize
3.2MB

MD5
c5c9b0bed0141b068fd440acc9f2d80a

SHA1
fe58aa09b03103facfe28305d6bb5024e7c029bf

SHA256
9c47bd944f15834c7fd84079adb7a37a638d4867dede5b74cf344492a654616c

SHA512
7f54aeeba88ba7a2e1042323fa89b6c65943a97d60a4454f56367c1ce379ec5b033defe2d947933155f05dc6402ac21e9975403d4319488b2cdf8a20472ccfd9

Download Submit
memory/2496-10-0x0000000000EA0000-0x0000000000F77000-memory.dmp

Filesize
860KB

Download
memory/2496-2-0x0000000000EA1000-0x0000000000F49000-memory.dmp

Filesize
672KB

Download
memory/2496-0-0x0000000000EA0000-0x0000000000F77000-memory.dmp

Filesize
860KB

Download
memory/2508-18-0x0000000000DB0000-0x00000000010E7000-memory.dmp

Filesize
3.2MB

Download
memory/2508-24-0x0000000000DB0000-0x00000000010E7000-memory.dmp

Filesize
3.2MB

Download
memory/2508-14-0x0000000000DB0000-0x00000000010E7000-memory.dmp

Filesize
3.2MB

Download
memory/2508-16-0x0000000000DB0000-0x00000000010E7000-memory.dmp

Filesize
3.2MB

Download
memory/2508-8-0x0000000000DB0000-0x00000000010E7000-memory.dmp

Filesize
3.2MB

Download
memory/2508-20-0x0000000000DB0000-0x00000000010E7000-memory.dmp

Filesize
3.2MB

Download
memory/2508-22-0x0000000000DB0000-0x00000000010E7000-memory.dmp

Filesize
3.2MB

Download
memory/2508-12-0x0000000000DB0000-0x00000000010E7000-memory.dmp

Filesize
3.2MB

Download
memory/2508-26-0x0000000000DB0000-0x00000000010E7000-memory.dmp

Filesize
3.2MB

Download
memory/2508-28-0x0000000000DB0000-0x00000000010E7000-memory.dmp

Filesize
3.2MB

Download
memory/2508-30-0x0000000000DB0000-0x00000000010E7000-memory.dmp

Filesize
3.2MB

Download
memory/2508-32-0x0000000000DB0000-0x00000000010E7000-memory.dmp

Filesize
3.2MB

Download
memory/2508-34-0x0000000000DB0000-0x00000000010E7000-memory.dmp

Filesize
3.2MB

Download
memory/2508-36-0x0000000000DB0000-0x00000000010E7000-memory.dmp

Filesize
3.2MB

Download
memory/2508-38-0x0000000000DB0000-0x00000000010E7000-memory.dmp

Filesize
3.2MB

Download