ed7208afe648ce4679291635381e9568b01297f5710d0d1647c051804dbe696b

Analysis

max time kernel
22s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 07:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed7208afe648ce4679291635381e9568b01297f5710d0d1647c051804dbe696b.exe
Size

20KB
MD5

23e461e56cd8a38a679d1949400b35e4
SHA1

76e224a55af1724d124c53cab88d7cb461393785
SHA256

ed7208afe648ce4679291635381e9568b01297f5710d0d1647c051804dbe696b
SHA512

adc2c101ab44fec28b912677035282c799dcdccd55d27a88f06f739fd094bea01c0c5d8a53fe33e2c77f42f7785123bff5b591f441f61601600f9e7baa2ac58e
SSDEEP

384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhYQMx+L4php:hDXWipuE+K3/SSHgxmHZphp

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ed7208afe648ce4679291635381e9568b01297f5710d0d1647c051804dbe696b.exe

C:\Users\Admin\AppData\Local\Temp\ed7208afe648ce4679291635381e9568b01297f5710d0d1647c051804dbe696b.exe
"C:\Users\Admin\AppData\Local\Temp\ed7208afe648ce4679291635381e9568b01297f5710d0d1647c051804dbe696b.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4796
- C:\Users\Admin\AppData\Local\Temp\DEM7AED.exe
  "C:\Users\Admin\AppData\Local\Temp\DEM7AED.exe"
  2⤵
  PID:4132
- - C:\Users\Admin\AppData\Local\Temp\DEMD11B.exe
    "C:\Users\Admin\AppData\Local\Temp\DEMD11B.exe"
    3⤵
    PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\DEM26CD.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM26CD.exe"
      4⤵
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\DEM7C5F.exe
        
        "C:\Users\Admin\AppData\Local\Temp\DEM7C5F.exe"
        5⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\DEMD1F1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\DEMD1F1.exe"
        6⤵
        
        PID:4480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\DEM26CD.exe

Filesize
20KB

MD5
8e50537798039d0eb29afb49287cd528

SHA1
ef774305f74cb56c12e265b1b2ecc6961180d64a

SHA256
ba9acecf24b779a0e91dc87c0dffdd080c7be6d7f9cf87394d842e776fcff8a7

SHA512
d0f058964d6b7b1f8e0b89e1bfab4d6ad5ae7af88f0954fcfb793f6f0f90e4475cbbd83fe32a75cda5d1e041df74b77a786304e0cb522efb5ea0aba0eb356636

Download Submit
C:\Users\Admin\AppData\Local\Temp\DEM7AED.exe

Filesize
20KB

MD5
e2fe59d81749350879c8957f6a27f943

SHA1
1509fc4f332cdb649738afd2116258164cfc350c

SHA256
b33fba71c74c27fd0d39ee09a8ffd814d292bde3e48ddd19b1d803a49fe66130

SHA512
97254bb4f9605fdc5a89a6685aaae360930e8c5bbcf34bcdfc41becdb5c3c59643f16193da433302a2102be10ca53946d16b869d3f0a8ea62920eee240bafcec

Download Submit
C:\Users\Admin\AppData\Local\Temp\DEM7C5F.exe

Filesize
20KB

MD5
d4b0cd7c69ad646c3cdf62ce1049f276

SHA1
737af6249fad36dc5a55540fab7ea5ede42ba71c

SHA256
53a86bf589f4847498e39c53036bf2f7a1364ff8f370fa2a5275957088c8ed1b

SHA512
b716456b88198d9990402311d21482c646595984d47334368d343919ddb375943e1e1d40c935c5c1f8a8045283d6c23e233564381c96be6e4497ff37835098b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\DEMD11B.exe

Filesize
20KB

MD5
912a805059d44f41a6e02464b2ce2dbc

SHA1
d9e8ef21e53d76be10df9347107750d6e2dbfebd

SHA256
faa8f90c808a418a0850503bc806323f50e92fc75302c0f6f36d5e167f0b0b8a

SHA512
8fa06a0ad0033290c3ee3052c0cd61e651f6beb5b6344bb00c62b13295dca1f0eef81f4c274af9bc1aef250362c2307461e15e7e998cf030f85baef7f211dd2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\DEMD1F1.exe

Filesize
20KB

MD5
cd9eade640485c25c4fa6510d9ed368b

SHA1
7df00ca2bd8df649372cb10da5c4d5e515808c27

SHA256
35b91999ec532065d2784b22f032b37b73723e2a585550ea51d1302c6a9f5bfc

SHA512
227167fa7dc54da05ea4616c31fcd044814db2c2da73c4c5dec74e7b5cd6a3fef2c4bf8dfe45340a455d7df9d7cccba1c810a5961780aa57ee45536d109747a3

Download Submit