Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20-11-2024 19:52

General

  • Target

    6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30.exe

  • Size

    14.8MB

  • MD5

    5bc14854cfde8182353af385c33a4d1c

  • SHA1

    3c46394b816b9c729929b647bc2ce2f92b59e676

  • SHA256

    6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30

  • SHA512

    6c432197b90980af454639b9ed09c3dd98dab25f36d21867d91c86b918299234a99a9743739632153e2807f0eb1350bd3617e37abce8ac315898eb1ae69fd1fc

  • SSDEEP

    393216:hGa0JBMVsyBVs1vr3feq6Xn7qnK0Kaf0iW2gTMW1UhSVJKvItsuWGBgggvRggg:SB6syBVIvr3fA7qK0KS0bbBpJKvIWH

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • VMProtect packed file 5 IoCs

    Detects executables packed with VMProtect commercial packer.

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30.exe
    "C:\Users\Admin\AppData\Local\Temp\6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2232

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\E2EECore.2.3.0.dll

    Filesize

    8.2MB

    MD5

    b36c5ac6ebe053d9c9e638b688723f46

    SHA1

    63c51f04293e26a8a49fa04c5e0b342ffae5381f

    SHA256

    860394ea3a52757ce1a875e5a598c3c30752a673150df37b7c0e599f224f5877

    SHA512

    933f428911ed0e56fa201f124ab85f5383cf9ae3465516c8eaf4d2d63788ffd3812df67f3fd75a1304b26e4bcebc6bd84fa08563dd5b9c4727f86bf96a0d5a09

  • \Users\Admin\AppData\Local\Temp\iext1.fnr.bbs.125.la

    Filesize

    722KB

    MD5

    28153e30009c985765f75d9f32199d1d

    SHA1

    893a17e7599649cd26134b7b6f8aa71c6aef305e

    SHA256

    fdaabed895fa6d3e44dd4dfcaa67968d282acfada25cb9bf936dc93557982023

    SHA512

    e8a204ae206b21ede9f811a29675d477360c9364f51dd796d1a5c01e9fa690500a968427180bfdbe84932672fee7a43523ab3deb2f2942b18e43764aca5df606

  • \Users\Admin\AppData\Local\Temp\libeay32.dll

    Filesize

    1.2MB

    MD5

    e5e521468e2a9f9b314e06e29116b5a9

    SHA1

    4044a4efd7998e8c4245e632b18056b089f0aa53

    SHA256

    19b4d189a73b79a73c2ddd678ed5ff7357d92494cf76a21372a58e3dce075d50

    SHA512

    71b7fca9d2bf361daaa69f3855e49f635183b6a2c6fa7f82376c7e565694d14859adb649cdf8d12b6b6749f4777948d9164a2a8580143171f2970ce8b28f3a41

  • memory/2232-9-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

  • memory/2232-5-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

  • memory/2232-30-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

  • memory/2232-29-0x0000000000290000-0x0000000000291000-memory.dmp

    Filesize

    4KB

  • memory/2232-27-0x0000000000290000-0x0000000000291000-memory.dmp

    Filesize

    4KB

  • memory/2232-24-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

  • memory/2232-22-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

  • memory/2232-19-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

  • memory/2232-17-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

  • memory/2232-14-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

  • memory/2232-12-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

  • memory/2232-34-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

  • memory/2232-7-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

  • memory/2232-32-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

  • memory/2232-4-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

  • memory/2232-2-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

  • memory/2232-0-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

  • memory/2232-39-0x0000000000400000-0x00000000024DA000-memory.dmp

    Filesize

    32.9MB

  • memory/2232-44-0x0000000000400000-0x00000000024DA000-memory.dmp

    Filesize

    32.9MB

  • memory/2232-38-0x0000000000C21000-0x0000000001604000-memory.dmp

    Filesize

    9.9MB

  • memory/2232-51-0x0000000000400000-0x00000000024DA000-memory.dmp

    Filesize

    32.9MB

  • memory/2232-49-0x0000000010000000-0x00000000105A1000-memory.dmp

    Filesize

    5.6MB

  • memory/2232-35-0x0000000000400000-0x00000000024DA000-memory.dmp

    Filesize

    32.9MB

  • memory/2232-54-0x0000000000400000-0x00000000024DA000-memory.dmp

    Filesize

    32.9MB

  • memory/2232-55-0x0000000000C21000-0x0000000001604000-memory.dmp

    Filesize

    9.9MB