Overview

overview

10

Static

static

10

0c3b09213f...3c.exe

windows7-x64

8

0dab0428b4...50.exe

windows7-x64

10

14d09a259f...32.exe

windows7-x64

10

16c49d6775...56.exe

windows7-x64

7

1d241bd0b7...f4.exe

windows7-x64

9

2.exe

windows7-x64

6

287a6b75d1...ad.exe

windows7-x64

10

35b0676421...82.exe

windows7-x64

10

39deb2f02f...9f.exe

windows7-x64

8

4.exe

windows7-x64

7

4a0f399840...33.exe

windows7-x64

10

5.exe

windows7-x64

8

53bdaf567e...fc.exe

windows7-x64

7

6.exe

windows7-x64

5

646677375b...36.exe

windows7-x64

9

6dfb9490b1...f8.exe

windows7-x64

6

7.exe

windows7-x64

10

71a20e2700...db.exe

windows7-x64

3

835b0ef8f5...35.exe

windows7-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

b15b78937c...ac.exe

windows7-x64

7

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

b3dc1bb1c7...1b.exe

windows7-x64

5

b4e3091d31...81.exe

windows7-x64

10

c1b35d3d70...c3.exe

windows7-x64

10

caa5f52a78...78.exe

windows7-x64

10

d2878de61f...0b.exe

windows7-x64

7

dbadeff4af...30.exe

windows7-x64

10

f5d893afc4...e9.exe

windows7-x64

9

Analysis

  • max time kernel
    599s
  • max time network
    602s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    20-11-2024 13:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6.exe

  • Size

    5.3MB

  • MD5

    4c2fdadb29f624ff540c0e2790b60987

  • SHA1

    e4b95dd05aa80f8380554590359ba63036c76e69

  • SHA256

    b3dc1bb1c72c6bda1a7508147b2c92021aa18eb99d419db7e8245f32979cd01b

  • SHA512

    03a26f8769f46ca5b8bdc9fb44b8ed4a56dfab21a8948516a2fabdbbde7f9c73f708c11c1540ce8c2e0ff47ab539e0780b202c249fe3ebd5423ae31e922294b3

  • SSDEEP

    98304:z4ARSOULuXDTLjEGxGUiibSpRZxP4BPXWtqZLr8U+GzNQ12Pe7Xw1:z4NOUL+PECGUiUS1xgJge7xwa

Score
5/10
discovery

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6.exe
    "C:\Users\Admin\AppData\Local\Temp\6.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    PID:2368
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2216

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2216-211-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2216-216-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2216-215-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2216-212-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2368-33-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-137-0x0000000002B20000-0x0000000002B2A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2368-20-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-18-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-15-0x00000000001E0000-0x00000000001E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-13-0x00000000001E0000-0x00000000001E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-0-0x0000000000426000-0x0000000000764000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2368-8-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-6-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-5-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-3-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-45-0x0000000000400000-0x0000000000CA9000-memory.dmp

    Filesize

    8.7MB

    Download

  • memory/2368-44-0x0000000000400000-0x0000000000CA9000-memory.dmp

    Filesize

    8.7MB

    Download

  • memory/2368-41-0x0000000000400000-0x0000000000CA9000-memory.dmp

    Filesize

    8.7MB

    Download

  • memory/2368-40-0x00000000003B0000-0x00000000003B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-38-0x00000000003B0000-0x00000000003B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-36-0x00000000003B0000-0x00000000003B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-46-0x0000000000400000-0x0000000000CA9000-memory.dmp

    Filesize

    8.7MB

    Download

  • memory/2368-10-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-23-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-35-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-47-0x00000000028D0000-0x00000000028FC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2368-48-0x0000000002950000-0x000000000297A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2368-68-0x0000000002950000-0x0000000002974000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2368-66-0x0000000002950000-0x0000000002974000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2368-64-0x0000000002950000-0x0000000002974000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2368-62-0x0000000002950000-0x0000000002974000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2368-60-0x0000000002950000-0x0000000002974000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2368-58-0x0000000002950000-0x0000000002974000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2368-56-0x0000000002950000-0x0000000002974000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2368-54-0x0000000002950000-0x0000000002974000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2368-52-0x0000000002950000-0x0000000002974000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2368-50-0x0000000002950000-0x0000000002974000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2368-49-0x0000000002950000-0x0000000002974000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2368-31-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-183-0x0000000000426000-0x0000000000764000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2368-25-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-28-0x0000000000290000-0x0000000000291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-30-0x0000000000290000-0x0000000000291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-1-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download