Analysis

  • max time kernel
    141s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/11/2024, 10:33

General

  • Target

    e5ef3432d8dc26dff57d684d76e702d2add7d2a89cb2f5900274e1821296b87d.exe

  • Size

    9.5MB

  • MD5

    90d5e7aa5e0229331cb81a12f93dbc4e

  • SHA1

    92640d12e620b2b9f6716c7ab5b85dd17aac3c73

  • SHA256

    e5ef3432d8dc26dff57d684d76e702d2add7d2a89cb2f5900274e1821296b87d

  • SHA512

    c1e5613e068156b1b0f74b7164d0927d22c623387f7776f531ab9a7afbef35e9ad1bf91d240460666c769a2b06285ce4785952239ac98cdcd1fe7779d9c2e38f

  • SSDEEP

    196608:b/qI5PDqI5PLo5Q5PoqI5PLBqINqlo5Q5P8dPb:biLYb78

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e5ef3432d8dc26dff57d684d76e702d2add7d2a89cb2f5900274e1821296b87d.exe
    "C:\Users\Admin\AppData\Local\Temp\e5ef3432d8dc26dff57d684d76e702d2add7d2a89cb2f5900274e1821296b87d.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2620
    • C:\Users\Admin\AppData\Local\Temp\etapqj.exe
      C:\Users\Admin\AppData\Local\Temp\etapqj.exe -run C:\Users\Admin\AppData\Local\Temp\e5ef3432d8dc26dff57d684d76e702d2add7d2a89cb2f5900274e1821296b87d.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3628

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\etapqj.exe

    Filesize

    11.0MB

    MD5

    2c2998efba3a16e4fff357d6f78826d6

    SHA1

    b1be41572abe75834a173021c8098f68e51cad71

    SHA256

    62db4507d447a0229de181dd08d9a8c59135f12ba9f0bd6205ce0a48a8b5fef3

    SHA512

    c49aede4f29512a8fa8f1f20d6e2801594ef453dc94a88cc0e1e2ff95195786d5f1989f55d6d0bde9146ba1a48d5aaf108d8d2be703e07d8711ac8c78f3afbc0

  • memory/2620-0-0x0000000000400000-0x00000000005CC000-memory.dmp

    Filesize

    1.8MB

  • memory/2620-6-0x0000000000400000-0x00000000005CC000-memory.dmp

    Filesize

    1.8MB

  • memory/3628-5-0x0000000000400000-0x00000000005CC000-memory.dmp

    Filesize

    1.8MB

  • memory/3628-8-0x0000000000770000-0x0000000000771000-memory.dmp

    Filesize

    4KB

  • memory/3628-16-0x0000000000400000-0x00000000005CC000-memory.dmp

    Filesize

    1.8MB