55f9675fc188f51fc66f2bef5dcf1c931166858fc04af1b1fcba8c5055bf7837

Analysis

max time kernel
83s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55f9675fc188f51fc66f2bef5dcf1c931166858fc04af1b1fcba8c5055bf7837.exe
Size

544KB
MD5

a4f60b303a1d7cd55449bd8d9b1f3b03
SHA1

70bfce499c252745f6f3abd1678e4293ce4b4f8c
SHA256

55f9675fc188f51fc66f2bef5dcf1c931166858fc04af1b1fcba8c5055bf7837
SHA512

35d5cb471fed41aeb6bb4981350ffec1b3c73c99dc0e8c865cb43de49e67ffc052d42b663551df5d806375f90ad6ebf2e45e26708e865afa9424087ca34e3bbc
SSDEEP

12288:goAWEzSZrxtqQ0+7ccUQf4RE37HwDJBSoG/aaD0RaN8HSvC:pAWEzn+7RfyYQFh

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2668	55f9675fc188f51fc66f2bef5dcf1c931166858fc04af1b1fcba8c5055bf7837.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	55f9675fc188f51fc66f2bef5dcf1c931166858fc04af1b1fcba8c5055bf7837.exe

C:\Users\Admin\AppData\Local\Temp\55f9675fc188f51fc66f2bef5dcf1c931166858fc04af1b1fcba8c5055bf7837.exe
"C:\Users\Admin\AppData\Local\Temp\55f9675fc188f51fc66f2bef5dcf1c931166858fc04af1b1fcba8c5055bf7837.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Roaming\gdi32.dll

Filesize
435KB

MD5
76c83b1ea42cb6217cb750e12e7636b0

SHA1
a5d6c86d5055ca808738f470aa93fa3f7976a630

SHA256
9e2ad190dbb0cac0199e23dd48388f14222b00c65934c3752d5b9c6dd7a08722

SHA512
eee8f8e9f2fa11c53eb7f2348b8815a0c4abdce403b8430d109419224667d3e240f211f27e8225b06e334cde7e49ec7b6427f83c889146f8c3f55d69fa62cf60

Download Submit
memory/2668-0-0x00000000742AE000-0x00000000742AF000-memory.dmp

Filesize
4KB

Download
memory/2668-1-0x0000000000040000-0x00000000000D2000-memory.dmp

Filesize
584KB

Download
memory/2668-2-0x0000000000860000-0x0000000000866000-memory.dmp

Filesize
24KB

Download
memory/2668-3-0x00000000742A0000-0x000000007498E000-memory.dmp

Filesize
6.9MB

Download
memory/2668-8-0x00000000742A0000-0x000000007498E000-memory.dmp

Filesize
6.9MB

Download