Analysis
-
max time kernel
94s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
21-11-2024 07:22
General
-
Target
f88a8a2d76d4c0e6cd190fc96c22bca3e9e86c5040ab059dfff786710a9d4682.exe
-
Size
1.1MB
-
MD5
51b591af51c719fe45c77aefd310b748
-
SHA1
8ba7fef83fbd129616b8e94e0c489c412bd70ae3
-
SHA256
f88a8a2d76d4c0e6cd190fc96c22bca3e9e86c5040ab059dfff786710a9d4682
-
SHA512
da1ed6e4cc287eb264abc43793c1a44df3abc56a94db81f9182f952468304993e97a8a50f46d37e253d1f44b8bfa073c931902161c5d4532c87b9a2300f8e080
-
SSDEEP
24576:WfmMv6Ckr7Mny5Qti452VFcjvzjr0A0/1D6d:W3v+7/5Qtl52PEL/0A0/1D6d
Malware Config
Signatures
-
Drops startup file 1 IoCs
-
Executes dropped EXE 1 IoCs
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 4 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f88a8a2d76d4c0e6cd190fc96c22bca3e9e86c5040ab059dfff786710a9d4682.exe"C:\Users\Admin\AppData\Local\Temp\f88a8a2d76d4c0e6cd190fc96c22bca3e9e86c5040ab059dfff786710a9d4682.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\meshuggenah\subpredicate.exe"C:\Users\Admin\AppData\Local\Temp\f88a8a2d76d4c0e6cd190fc96c22bca3e9e86c5040ab059dfff786710a9d4682.exe"2⤵
- Drops startup file
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"C:\Users\Admin\AppData\Local\Temp\f88a8a2d76d4c0e6cd190fc96c22bca3e9e86c5040ab059dfff786710a9d4682.exe"3⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 7523⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4188 -ip 41881⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD56079a0802e91cb9f5da4e71139ff1e79
SHA189414da06acd2285aa91a604cab3f37a733f62e1
SHA256af11511f747b4b2b353a22912449a2ab957dacf7e2854eec985a0a371c92503a
SHA512c7a9cb8d1e326e1ddea3342561b83c7a8a90aa3ad99d2b91d3b8fcc307846d378559578d666ad288eea5211de5f833009adeba37197bd601f0de5965144fac2a
-
Filesize
1.1MB
MD551b591af51c719fe45c77aefd310b748
SHA18ba7fef83fbd129616b8e94e0c489c412bd70ae3
SHA256f88a8a2d76d4c0e6cd190fc96c22bca3e9e86c5040ab059dfff786710a9d4682
SHA512da1ed6e4cc287eb264abc43793c1a44df3abc56a94db81f9182f952468304993e97a8a50f46d37e253d1f44b8bfa073c931902161c5d4532c87b9a2300f8e080
-
Filesize
4.0MB
-
Filesize
4.0MB