Overview

overview

7

Static

static

3

f84bc73c34...7N.exe

windows7-x64

7

f84bc73c34...7N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    32s
  • max time network
    37s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    20/11/2024, 03:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f84bc73c3480fc5f09a7ef5a1d86adead3f680558a7d8c446c1c47ae5018a2b7N.exe

  • Size

    54KB

  • MD5

    f9c6647931596c73754d7470e72c4300

  • SHA1

    d1fe7ada543f19515fe23b2ed5526aeec56522d2

  • SHA256

    f84bc73c3480fc5f09a7ef5a1d86adead3f680558a7d8c446c1c47ae5018a2b7

  • SHA512

    b071486bfc185e0235b71ec7d0ed69748b6da32fe9ec510d43d5016cfb0c37551acaa9e7afb52def546f18134eab9a26d259e7503fa63357d9c1dfb16b08569d

  • SSDEEP

    768:2PitRNEGtXXnZ/JudBDtcUtdVCxVOS3fNGq5xgBt3bMEZ:RF3wDtkx3P5xsrMEZ

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f84bc73c3480fc5f09a7ef5a1d86adead3f680558a7d8c446c1c47ae5018a2b7N.exe
    "C:\Users\Admin\AppData\Local\Temp\f84bc73c3480fc5f09a7ef5a1d86adead3f680558a7d8c446c1c47ae5018a2b7N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe
      "C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies system certificate store
      PID:2784

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\hcbnaf.exe
    Filesize

    54KB

    MD5

    5949f9bf4108ba2f3ce54745e840def0

    SHA1

    511ae9fa2d07432da6d8fdb439305c3a06654021

    SHA256

    1eb573a588879f72c58349dcd5bfa750a01bf4ba766ed8f9e2af6ae2b6eecc98

    SHA512

    f05e3ca7b9ed099246f2e29f05a674676c666fa46791e8deac41eb77b9902689760d5540f38b4fd06ef464a43e2f84fb9b9ffe1b2623a7b5c008c63f770af4bf

    Download Submit

  • memory/2856-1-0x0000000000240000-0x0000000000245000-memory.dmp

    Filesize

    20KB

    Download