edcd749e8e18319884f696edf8635d515bd981a3bdbb725d06c59712e1facf5e

Analysis

max time kernel
22s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 10:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

edcd749e8e18319884f696edf8635d515bd981a3bdbb725d06c59712e1facf5e.exe
Size

16KB
MD5

965412aa590bfe2d2996d40839c36f12
SHA1

e1f4f1d8b5464b125932b2006e35ebf0318e5e15
SHA256

edcd749e8e18319884f696edf8635d515bd981a3bdbb725d06c59712e1facf5e
SHA512

4134b36420aa94c58629f60d89c55ef2e5cf26232bac0de8cbae59f152320522dd4b50dede79e98ce14b064ca6982369dee8634f8e81f2a3466c60c912548d76
SSDEEP

384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhYvCD:hDXWipuE+K3/SSHgxmaD

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	edcd749e8e18319884f696edf8635d515bd981a3bdbb725d06c59712e1facf5e.exe

C:\Users\Admin\AppData\Local\Temp\edcd749e8e18319884f696edf8635d515bd981a3bdbb725d06c59712e1facf5e.exe
"C:\Users\Admin\AppData\Local\Temp\edcd749e8e18319884f696edf8635d515bd981a3bdbb725d06c59712e1facf5e.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5064
- C:\Users\Admin\AppData\Local\Temp\DEM9078.exe
  "C:\Users\Admin\AppData\Local\Temp\DEM9078.exe"
  2⤵
  PID:1028
- - C:\Users\Admin\AppData\Local\Temp\DEME6C6.exe
    "C:\Users\Admin\AppData\Local\Temp\DEME6C6.exe"
    3⤵
    PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\DEM3C68.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM3C68.exe"
      4⤵
      PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\DEM91CB.exe
        
        "C:\Users\Admin\AppData\Local\Temp\DEM91CB.exe"
        5⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\DEME75D.exe
        
        "C:\Users\Admin\AppData\Local\Temp\DEME75D.exe"
        6⤵
        
        PID:3444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\DEM3C68.exe

Filesize
16KB

MD5
5a231956108a02caf597fe056d63f814

SHA1
d5b0f531d585e76fbf90dd2455ccc097b2fad823

SHA256
f8ea2c6ededa0f67e01f60748e19ae62443f1008b1411acfc3febd78c8eb6ef7

SHA512
2b1c75b7b2206ac18a0338c8db8525f48a5ab33c1e8a7621107f1f92b926f5fff15675fb5ee91a920a3cd0dccf1b8b88c3aaa3230ce7b7dee0670971fc10c837

Download Submit
C:\Users\Admin\AppData\Local\Temp\DEM9078.exe

Filesize
16KB

MD5
16e8ebaae54b077f2577f4c996d31628

SHA1
8ef8461e8cafbb8117d3b439742c6e8ebe68418e

SHA256
f8ce9c991cc206d2ff652cc709ed81f91f31940bbc09e211a5c1d261650209ca

SHA512
25d7ab5940b811553c54b7f6a949f318982afcf19149389b7bdab55ea98a36e70b45546c20fc46055e5835a3a7622c03936b1fdad4a878fd3dc06a50fddd5787

Download Submit
C:\Users\Admin\AppData\Local\Temp\DEM91CB.exe

Filesize
16KB

MD5
44b43a409680ac54af8113ae728c9890

SHA1
e4159c6778180f239769e346f33b3bc376de6588

SHA256
eca35ae18854d92c50f924116ea2c53a4e31781df474e452a43cd73c5586f4fd

SHA512
2e7c955cae06a9dbe8a32598d5b17983a2cf80959fc024f7253285525230a6aa164c37e37b089b616eff2ff56baece39a2e8a474df067ff1e894f1835fb37e6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\DEME6C6.exe

Filesize
16KB

MD5
0359048cc4e7ee092a6eeb52b63d1af5

SHA1
daa24de35af5e8f2c912a020fcf6671bad8d1bb2

SHA256
d3bd08e753bc763583ca401cfa40fe39eade74b534ae939753071ced2c730c35

SHA512
cb4b284ecf66b59293dca0e4446a14631030996fca1c7020b07e65884df3e971cc1cdd4d229dcca85d9f0ca338a02ec5adfd4e73e117564eeec6067e1adc3a6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\DEME75D.exe

Filesize
16KB

MD5
c67b5a13646f2a5d7119a0b180834d8b

SHA1
4ac662224868cbe0d14855d6f4a081983001003c

SHA256
d0dfbaa7f5a9822f57253fa3ccd8b19c1124456c913e340d50fdbd2ab592e287

SHA512
08e970f818fa2619c520775d84f83c07e2842ab15a36482f3333e1173e00ba322e91a07f7c7cdf438b831e007aaf7fd61637cacc69ba0c3d043333cc0dbda2a8

Download Submit