Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
20-11-2024 19:52
Behavioral task
behavioral1
Sample
6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30.exe
Resource
win7-20240903-en
General
-
Target
6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30.exe
-
Size
14.8MB
-
MD5
5bc14854cfde8182353af385c33a4d1c
-
SHA1
3c46394b816b9c729929b647bc2ce2f92b59e676
-
SHA256
6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30
-
SHA512
6c432197b90980af454639b9ed09c3dd98dab25f36d21867d91c86b918299234a99a9743739632153e2807f0eb1350bd3617e37abce8ac315898eb1ae69fd1fc
-
SSDEEP
393216:hGa0JBMVsyBVs1vr3feq6Xn7qnK0Kaf0iW2gTMW1UhSVJKvItsuWGBgggvRggg:SB6syBVIvr3fA7qK0KS0bbBpJKvIWH
Malware Config
Signatures
-
Loads dropped DLL 3 IoCs
Processes:
6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30.exepid process 2232 6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30.exe 2232 6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30.exe 2232 6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30.exe -
Processes:
resource yara_rule behavioral1/memory/2232-35-0x0000000000400000-0x00000000024DA000-memory.dmp vmprotect behavioral1/memory/2232-39-0x0000000000400000-0x00000000024DA000-memory.dmp vmprotect behavioral1/memory/2232-44-0x0000000000400000-0x00000000024DA000-memory.dmp vmprotect behavioral1/memory/2232-51-0x0000000000400000-0x00000000024DA000-memory.dmp vmprotect behavioral1/memory/2232-54-0x0000000000400000-0x00000000024DA000-memory.dmp vmprotect -
Processes:
resource yara_rule behavioral1/memory/2232-49-0x0000000010000000-0x00000000105A1000-memory.dmp upx -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30.exe -
Suspicious behavior: EnumeratesProcesses 3 IoCs
Processes:
6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30.exepid process 2232 6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30.exe 2232 6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30.exe 2232 6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30.exepid process 2232 6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30.exe 2232 6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30.exe"C:\Users\Admin\AppData\Local\Temp\6555646b8fbf91336af0a17c6a344bbadf9db44d9768f275b0250e875e880c30.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2232
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8.2MB
MD5b36c5ac6ebe053d9c9e638b688723f46
SHA163c51f04293e26a8a49fa04c5e0b342ffae5381f
SHA256860394ea3a52757ce1a875e5a598c3c30752a673150df37b7c0e599f224f5877
SHA512933f428911ed0e56fa201f124ab85f5383cf9ae3465516c8eaf4d2d63788ffd3812df67f3fd75a1304b26e4bcebc6bd84fa08563dd5b9c4727f86bf96a0d5a09
-
Filesize
722KB
MD528153e30009c985765f75d9f32199d1d
SHA1893a17e7599649cd26134b7b6f8aa71c6aef305e
SHA256fdaabed895fa6d3e44dd4dfcaa67968d282acfada25cb9bf936dc93557982023
SHA512e8a204ae206b21ede9f811a29675d477360c9364f51dd796d1a5c01e9fa690500a968427180bfdbe84932672fee7a43523ab3deb2f2942b18e43764aca5df606
-
Filesize
1.2MB
MD5e5e521468e2a9f9b314e06e29116b5a9
SHA14044a4efd7998e8c4245e632b18056b089f0aa53
SHA25619b4d189a73b79a73c2ddd678ed5ff7357d92494cf76a21372a58e3dce075d50
SHA51271b7fca9d2bf361daaa69f3855e49f635183b6a2c6fa7f82376c7e565694d14859adb649cdf8d12b6b6749f4777948d9164a2a8580143171f2970ce8b28f3a41