fbfe50e10c2dac74a5a09bf7760822f9f332a751a2266ec2a044b468078431a8

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 07:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fbfe50e10c2dac74a5a09bf7760822f9f332a751a2266ec2a044b468078431a8.exe
Size

1.0MB
MD5

84c790199dc83e16886bd81bd49e7178
SHA1

58bdd4bc3a01a38dc2787d19d43daace5916c75a
SHA256

fbfe50e10c2dac74a5a09bf7760822f9f332a751a2266ec2a044b468078431a8
SHA512

c5369de72b48214533a3bfe1689195f3df8def38a0065cf9a4e6eee0523abec123022996f78a40a17debe9733d31e8ec30ddc48fda6204043d04fbff8dc1c359
SSDEEP

24576:dgdhhQGGnnazLpj4VHogiuGPYm51skpiOrE5JoY0:dqgazxcGPp51skUcEroY0

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

bxp.exe

pid process

2140 bxp.exe
Drops file in Program Files directory 1 IoCs

Processes:

fbfe50e10c2dac74a5a09bf7760822f9f332a751a2266ec2a044b468078431a8.exe

description ioc process

File created C:\Program Files (x86)\xadsc\bxp.exe fbfe50e10c2dac74a5a09bf7760822f9f332a751a2266ec2a044b468078431a8.exe

pid	process
2140	bxp.exe

description	ioc	process
File created	C:\Program Files (x86)\xadsc\bxp.exe	fbfe50e10c2dac74a5a09bf7760822f9f332a751a2266ec2a044b468078431a8.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

fbfe50e10c2dac74a5a09bf7760822f9f332a751a2266ec2a044b468078431a8.exebxp.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fbfe50e10c2dac74a5a09bf7760822f9f332a751a2266ec2a044b468078431a8.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bxp.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

fbfe50e10c2dac74a5a09bf7760822f9f332a751a2266ec2a044b468078431a8.exe

description	pid	process	target process
PID 1364 wrote to memory of 2140	1364	fbfe50e10c2dac74a5a09bf7760822f9f332a751a2266ec2a044b468078431a8.exe	bxp.exe
PID 1364 wrote to memory of 2140	1364	fbfe50e10c2dac74a5a09bf7760822f9f332a751a2266ec2a044b468078431a8.exe	bxp.exe
PID 1364 wrote to memory of 2140	1364	fbfe50e10c2dac74a5a09bf7760822f9f332a751a2266ec2a044b468078431a8.exe	bxp.exe

C:\Users\Admin\AppData\Local\Temp\fbfe50e10c2dac74a5a09bf7760822f9f332a751a2266ec2a044b468078431a8.exe
"C:\Users\Admin\AppData\Local\Temp\fbfe50e10c2dac74a5a09bf7760822f9f332a751a2266ec2a044b468078431a8.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Program Files (x86)\xadsc\bxp.exe
  "C:\Program Files (x86)\xadsc\bxp.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\xadsc\bxp.exe

Filesize
1.0MB

MD5
41e81bca77a8dd005b1a81b11718fea5

SHA1
41954e7944da24908a6659ab09727819594d17aa

SHA256
5fc2ceea0e45dea5f673014607e4a0682fffbe37c094795ec33ba2068d3aab55

SHA512
7c3f9e874d22431d6f2d555147414d3df4df9523ac86163f0353603ac66c2994040bba380e3d1d6115efef7accca64abf59c524de855cb9686868ec5d88c404a

Download Submit
memory/1364-3-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2140-5-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download