Overview

overview

5

Static

static

5

78ccda9ce7...bf.exe

windows7-x64

5

78ccda9ce7...bf.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    94s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/11/2024, 05:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    78ccda9ce77fc7adb68fac21cc8019dbdc10fadd481f28f28e0428eb35828fbf.exe

  • Size

    1.2MB

  • MD5

    65a28cddb97884a94a7c9faef74300c3

  • SHA1

    8cdb55cfbf3b463246bfea5ef3b8e3de34c64149

  • SHA256

    78ccda9ce77fc7adb68fac21cc8019dbdc10fadd481f28f28e0428eb35828fbf

  • SHA512

    6085a372018483ccdb19b825c1f9bd378d5cfbd0de6312f64bd1746ddd186a392330721d25746cce1ed26ab1c746f50db5fd5b81584644978312936070ecd2b4

  • SSDEEP

    24576:Ttb20pkaCqT5TBWgNQ7aHkf45YUptDT0n5pe86A:QVg5tQ7aHkfdUbW5pf5

Score
5/10
discovery

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\78ccda9ce77fc7adb68fac21cc8019dbdc10fadd481f28f28e0428eb35828fbf.exe
    "C:\Users\Admin\AppData\Local\Temp\78ccda9ce77fc7adb68fac21cc8019dbdc10fadd481f28f28e0428eb35828fbf.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4768
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Users\Admin\AppData\Local\Temp\78ccda9ce77fc7adb68fac21cc8019dbdc10fadd481f28f28e0428eb35828fbf.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\aut785C.tmp
    Filesize

    281KB

    MD5

    292e198398b4804ed9b1225a460b6e95

    SHA1

    ef119638f6151a1a4b7b0a6df96817c8ccd2647b

    SHA256

    068b8518b839676c57ba3cc4d14c41bba20bed264781472aa4ae7922a0b67957

    SHA512

    2da2c70c5ff4060fb4034ade83f8167f4ec51c24d80ccef9e42c250bb1f510c5758d51e6c6145252610491933903e0881ff49b75e42bc09a70a3f9e4b8bb43b0

    Download Submit

  • memory/3800-9-0x0000000000400000-0x0000000000447000-memory.dmp

    Filesize

    284KB

    Download

  • memory/3800-10-0x0000000001600000-0x000000000194A000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3800-11-0x0000000000400000-0x0000000000447000-memory.dmp

    Filesize

    284KB

    Download

  • memory/3800-12-0x0000000000400000-0x0000000000447000-memory.dmp

    Filesize

    284KB

    Download

  • memory/4768-8-0x00000000013E0000-0x00000000017E0000-memory.dmp

    Filesize

    4.0MB

    Download