Overview

overview

10

Static

static

3

9900f17982...ae.exe

windows7-x64

10

9900f17982...ae.exe

windows10-2004-x64

7

$PLUGINSDI...pi.dll

windows7-x64

10

$PLUGINSDI...pi.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    93s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-11-2024 20:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9900f17982dbcce4d71a73e9597eef72e047bc31e0fc0b6e1f8a8bb6b31956ae.exe

  • Size

    378KB

  • MD5

    5cd3ecc6fce1412c76dac663c0bcf8d0

  • SHA1

    11b58a9f67d44e8f6410188242aa8a9be5a0890c

  • SHA256

    9900f17982dbcce4d71a73e9597eef72e047bc31e0fc0b6e1f8a8bb6b31956ae

  • SHA512

    0c1c822652f82178864df841c4e0dc946c4148a22d00262fe39f64459efd41b5d17987c86d0ac91830a246e89c1bcd39ec5c253bcfb027af3e91551045326463

  • SSDEEP

    6144:68LxBbme9sRA4OyhLgHPvBsR/SU2TPs5t775BYBqbdzXYnat:MP28hs3oGPgVu8bF+U

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9900f17982dbcce4d71a73e9597eef72e047bc31e0fc0b6e1f8a8bb6b31956ae.exe
    "C:\Users\Admin\AppData\Local\Temp\9900f17982dbcce4d71a73e9597eef72e047bc31e0fc0b6e1f8a8bb6b31956ae.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3116
    • C:\Users\Admin\AppData\Local\Temp\9900f17982dbcce4d71a73e9597eef72e047bc31e0fc0b6e1f8a8bb6b31956ae.exe
      "C:\Users\Admin\AppData\Local\Temp\9900f17982dbcce4d71a73e9597eef72e047bc31e0fc0b6e1f8a8bb6b31956ae.exe"
      2⤵
        PID:1060
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 992
        2⤵
        • Program crash
        PID:3556
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3116 -ip 3116
      1⤵
        PID:4176

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\nsfAC10.tmp\jljzzkpi.dll
        Filesize

        16KB

        MD5

        2e33ff375eac30535f98a7c72b438c60

        SHA1

        180f41f2c881accf775ec93bfd752be043d1b391

        SHA256

        d1f5b895b161b27f1451c7dcfd4e73cd76e738e6cfd944692defdd95b57a2ae3

        SHA512

        d18492db4786c8df36f09fa474a8d4825d0f192ce05bb36339db6ba9c30df18a1896f348b5df4bcc427e5870e65ed4551ca9032867c6a7966c98ce8874e3d356

        Download Submit

      • memory/3116-6-0x0000000075020000-0x0000000075029000-memory.dmp

        Filesize

        36KB

        Download

      • memory/3116-9-0x0000000075020000-0x0000000075029000-memory.dmp

        Filesize

        36KB

        Download