Analysis

  • max time kernel
    1194s
  • max time network
    840s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    22-11-2024 02:43

General

  • Target

    9B9517FA1515F47A502FE56536236A20BE5BBADF.exe

  • Size

    119KB

  • MD5

    b80a2daca4b5000fae089e655f2fa4b0

  • SHA1

    9b9517fa1515f47a502fe56536236a20be5bbadf

  • SHA256

    e58e7b91af952f56d32d3cb11e82d366f256f40d2e4c846f3aa8cda886bfb49f

  • SHA512

    9e5a24fd11bf542608ca8762ad735de749cfcfdc2bd750ca3f7de20dbc19a2ccda0cc88544261314c8dfa77c5ad2fd6e97af51ceee344794fba1efa49d32964f

  • SSDEEP

    3072:VAsj8MBX8s0oXJE455Vdcws635oUIFNTNC1f3U:VAsBZW+VdK6iUcIfU

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9B9517FA1515F47A502FE56536236A20BE5BBADF.exe
    "C:\Users\Admin\AppData\Local\Temp\9B9517FA1515F47A502FE56536236A20BE5BBADF.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:328
    • C:\Users\Admin\AppData\Local\Temp\9B9517FA1515F47A502FE56536236A20BE5BBADF.exe
      "C:\Users\Admin\AppData\Local\Temp\9B9517FA1515F47A502FE56536236A20BE5BBADF.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:324
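
The process tree above shows the pattern worth pivoting on: the sample (PID 328) launches a second copy of its own image (PID 324) and is the process flagged for WriteProcessMemory and SetThreadContext, while the child is the one whose 0x400000-0x40F000 image region is dumped repeatedly. That combination is the classic self-injection / process-hollowing sequence. The following detection logic is an added example, not part of the sandbox report or its engine: the event schema (`process_create` / `api_call` dicts) and the sample events are constructed for this example and mirror the report's PIDs and image path; map your own EDR or sandbox fields onto them.

```python
"""Added example: flag a parent that spawns a same-image child and then
targets that child with both WriteProcessMemory and SetThreadContext.
Event schema and sample events are constructed for this example."""
from collections import defaultdict

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\9B9517FA1515F47A502FE56536236A20BE5BBADF.exe"

# Constructed events loosely mirroring the report's process tree (328 -> 324),
# plus a benign same-image relaunch (700 -> 701) that must NOT be flagged.
EVENTS = [
    {"type": "process_create", "pid": 328, "ppid": 1000, "image": SAMPLE},
    {"type": "process_create", "pid": 324, "ppid": 328, "image": SAMPLE},
    {"type": "api_call", "pid": 328, "api": "WriteProcessMemory", "target_pid": 324},
    {"type": "api_call", "pid": 328, "api": "WriteProcessMemory", "target_pid": 324},
    {"type": "api_call", "pid": 328, "api": "SetThreadContext", "target_pid": 324},
    {"type": "process_create", "pid": 700, "ppid": 1000, "image": r"C:\Windows\System32\cmd.exe"},
    {"type": "process_create", "pid": 701, "ppid": 700, "image": r"C:\Windows\System32\cmd.exe"},
]

# Both must be seen from parent to child before we call it hollowing;
# WriteProcessMemory alone is too noisy (debuggers, some installers).
HOLLOWING_APIS = {"WriteProcessMemory", "SetThreadContext"}


def find_hollowing_candidates(events):
    """Return [(parent_pid, child_pid, sorted_apis)] for every child whose
    parent has the same image path and issued every API in HOLLOWING_APIS
    against it."""
    procs = {}                    # pid -> (ppid, image_lowercase)
    calls = defaultdict(set)      # (caller_pid, target_pid) -> {api, ...}
    for ev in events:
        if ev["type"] == "process_create":
            procs[ev["pid"]] = (ev["ppid"], ev["image"].lower())
        elif ev["type"] == "api_call":
            calls[(ev["pid"], ev["target_pid"])].add(ev["api"])

    hits = []
    for child, (parent, image) in procs.items():
        if parent == child or parent not in procs:
            continue
        if procs[parent][1] != image:
            continue                      # different image: not self-injection
        apis = calls.get((parent, child), set())
        if HOLLOWING_APIS <= apis:
            hits.append((parent, child, sorted(apis)))
    return hits


if __name__ == "__main__":
    for parent, child, apis in find_hollowing_candidates(EVENTS):
        print(f"possible process hollowing: {parent} -> {child} via {', '.join(apis)}")
```

The check deliberately requires both calls from parent to the specific child: a parent that only writes the child's memory, or a child that is merely a relaunch of the same binary, does not fire. The Windows 7 run also cannot tell you what was written into 0x400000-0x40F000; carving the child's dumps from the report is the next step.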

Network

MITRE ATT&CK Enterprise v15


Downloads

  • \Users\Admin\AppData\Local\Temp\nstC3ED.tmp\System.dll

    Filesize

    11KB

    MD5

    883eff06ac96966270731e4e22817e11

    SHA1

    523c87c98236cbc04430e87ec19b977595092ac8

    SHA256

    44e5dfd551b38e886214bd6b9c8ee913c4c4d1f085a6575d97c3e892b925da82

    SHA512

    60333253342476911c84bbc1d9bf8a29f811207787fdd6107dce8d2b6e031669303f28133ffc811971ed7792087fe90fb1faabc0af4e91c298ba51e28109a390

  • \Users\Admin\AppData\Local\Temp\unneighbourliness.dll

    Filesize

    14KB

    MD5

    8d76fcd24e4af8e65e25c0d8ed00a5ba

    SHA1

    77c7da80febb1a88aaa7ece24cdd151d72951740

    SHA256

    3b4d00c530873bacd106d2654f2339b6bcdfc942cdb3008ea37c042eece500b2

    SHA512

    0906564e3dadbd6f399bc303612ea85a8e58be96a4b8e421a10027bbb2fd24fb32da8d99697e1e1a45b2bdf1710b295b6e72b1e657fa37a32d3f0e973c5ee1c7

  • memory/324-24-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

  • memory/324-22-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

  • memory/324-20-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

  • memory/324-18-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

  • memory/324-16-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

  • memory/324-14-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

  • memory/324-12-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

  • memory/324-29-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

  • memory/324-31-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

  • memory/324-32-0x0000000010000000-0x0000000010016000-memory.dmp

    Filesize

    88KB

  • memory/324-37-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB
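
Two of the three dropped artifacts above are worth separating. `nstC3ED.tmp\System.dll` is the plugin-drop layout of an NSIS installer (NSIS unpacks its plugins into `%TEMP%\ns<letter><4 hex>.tmp\`), so a "Loads dropped DLL" hit on it is expected for any NSIS-packaged program; `unneighbourliness.dll` is the drop that needs a closer look. The helper below is an added example, not part of the report: it hashes files the way the report does, checks them against the SHA-256 values listed on this page, and flags the NSIS plugin path pattern. ssdeep is left out because it needs a third-party module.

```python
"""Added example: hash files, match them against this report's IoCs, and
recognise the NSIS plugin drop path.  The IoC labels and regex are this
example's own; the digests are copied from the report above."""
import hashlib
import os
import re
import sys

# SHA-256 values from the report: the sample and its two dropped DLLs.
REPORT_IOCS = {
    "e58e7b91af952f56d32d3cb11e82d366f256f40d2e4c846f3aa8cda886bfb49f":
        "9B9517FA1515F47A502FE56536236A20BE5BBADF.exe (sample)",
    "44e5dfd551b38e886214bd6b9c8ee913c4c4d1f085a6575d97c3e892b925da82":
        "nstC3ED.tmp\\System.dll (NSIS System plugin)",
    "3b4d00c530873bacd106d2654f2339b6bcdfc942cdb3008ea37c042eece500b2":
        "unneighbourliness.dll (dropped payload DLL)",
}

# %TEMP%\ns<letter><4 hex>.tmp\<plugin>.dll, e.g. nstC3ED.tmp\System.dll
NSIS_PLUGIN_RE = re.compile(r"[\\/]ns[a-z][0-9a-f]{4}\.tmp[\\/][^\\/]+\.dll$", re.IGNORECASE)


def hash_bytes(data: bytes) -> dict:
    """Return the digest set the report shows, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_ioc(digests: dict, iocs: dict = REPORT_IOCS):
    """Return the IoC label for a matching SHA-256 (case-insensitive), else None."""
    return iocs.get(digests.get("sha256", "").lower())


def is_nsis_plugin_path(path: str) -> bool:
    """True when the path has the layout NSIS uses for unpacked plugins."""
    return NSIS_PLUGIN_RE.search(path) is not None


def scan_dir(root: str):
    """Hash every file under root; yield (path, ioc_label_or_None, is_nsis_plugin)."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digests = hash_bytes(fh.read())
            yield path, match_ioc(digests), is_nsis_plugin_path(path)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, label, nsis in scan_dir(root):
        if label:
            print(f"IoC hit: {path} -> {label}")
        elif nsis:
            print(f"NSIS plugin drop (expected for NSIS installers): {path}")
```

Run it against an extracted sandbox artifact directory or a quarantine folder. A match on the sample's SHA-256 confirms you have the same binary this report describes; a match only on `System.dll` says nothing by itself, since that plugin ships with countless legitimate NSIS installers.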