b1a995a7a2b9fb27c05328a43f2fce6d94f0cb1308cc33ccfb2c4af70a5417d4

Analysis

max time kernel
95s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b1a995a7a2b9fb27c05328a43f2fce6d94f0cb1308cc33ccfb2c4af70a5417d4N.exe
Size

8.9MB
MD5

2990796e66144ec3998d56a3f646b920
SHA1

8c0a1d0399ad87b0a5ffb24e18456ced8cdded6b
SHA256

b1a995a7a2b9fb27c05328a43f2fce6d94f0cb1308cc33ccfb2c4af70a5417d4
SHA512

1e250f6f92bdec419e16a84b1027e5ed9b56ffe5a4e0d84b40d712948eec8e15403de8498b39b17bb0c5c303d34c60cc8707e590b47cb0cd2a1c5836193ec6e8
SSDEEP

196608:s7777777777777777777777777777777777777777777777F:M

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4448	svrwsc.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\svrwsc.exe	b1a995a7a2b9fb27c05328a43f2fce6d94f0cb1308cc33ccfb2c4af70a5417d4N.exe
File created	C:\Windows\SysWOW64\svrwsc.exe	svrwsc.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b1a995a7a2b9fb27c05328a43f2fce6d94f0cb1308cc33ccfb2c4af70a5417d4N.exe

C:\Users\Admin\AppData\Local\Temp\b1a995a7a2b9fb27c05328a43f2fce6d94f0cb1308cc33ccfb2c4af70a5417d4N.exe
"C:\Users\Admin\AppData\Local\Temp\b1a995a7a2b9fb27c05328a43f2fce6d94f0cb1308cc33ccfb2c4af70a5417d4N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:3296

C:\Windows\SysWOW64\svrwsc.exe
C:\Windows\SysWOW64\svrwsc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:4448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\svrwsc.exe

Filesize
9.3MB

MD5
2124a1598953197df4cf1fce968732b3

SHA1
9e546d713d2d35bbef6c3697b759f37f6a779261

SHA256
de254934ebf32cb343465598242c5ebc9019c335bd84436452a764f65b7b92f4

SHA512
ff3756da17a673a914b6fae1608b0cd88d771bb9862b09410ed4849ae1e1550a7fbf84c5efef735f61dcc11d58babb367e0fc452252cd106d7e470f786900805

Download Submit