Overview

overview

10

Static

static

10

0.46582298...58.exe

windows7-x64

7

00331dd25b...3a.exe

windows7-x64

10

065988f36f...a0.exe

windows7-x64

3

0826716413...57.exe

windows7-x64

10

08cf8ed94c...a4.exe

windows7-x64

10

0997ba7292...3c.exe

windows7-x64

3

0b7996bca4...5f.exe

windows7-x64

0c3431dbb8...ui.dll

windows7-x64

5

0cd7440ca9...bc.exe

windows7-x64

10

100b8bfff5...ir.exe

windows7-x64

3

101.ex_.exe

windows7-x64

3

119.executable.exe

windows7-x64

6

119.unp.exe

windows7-x64

6

11abb44de5...47.exe

windows7-x64

10

11fb52c968...22.exe

windows7-x64

10

123.exe

windows7-x64

1

139.exe

windows7-x64

1

13E418BF18...73.dll

windows7-x64

3

144.exe

windows7-x64

1

17697e1829...44.dll

windows7-x64

3

19561b3379...er.exe

windows7-x64

10

19ec0d0e51...C5.exe

windows7-x64

7

1a6bed2aff...f2.exe

windows7-x64

10

1f210c60f9...40.exe

windows7-x64

10

1f3509cc11...dd.exe

windows7-x64

10

20c6d29da8...7d.exe

windows7-x64

9

234e77145d...2d.exe

windows7-x64

10

263fc6fc9e...32.exe

windows7-x64

9

2e0da054d0...23.zip

windows7-x64

9

Compenso.P...__.exe

windows7-x64

9

301a3f5017...5f.exe

windows7-x64

10

30620.ex_.exe

windows7-x64

10

Analysis

  • max time kernel
    294s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-11-2024 02:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    119.unp.exe

  • Size

    68KB

  • MD5

    1d79ad8323f4c0d42a5886be05a9c635

  • SHA1

    ce40f723074765819876b2ae579d5b1ad78558b6

  • SHA256

    fbaa0b9fe6f035b1c466a75f768c6c86da669af72b363de043b4e5339bbbc4de

  • SHA512

    77704129642a75c6bba54ad2c174ddf131190e1ed327d9ac57300cb10777f7498712edd66c66be485004717c4bd278d865855072bfed28ca76cd715ebff460b3

  • SSDEEP

    768:yRl1JQ56c46jVT+XtVkWVGcPYSh4IwyyFN/yFHiWv6cF/hlL3Yw+oEy4AhmarTr8:2LA6YTzSqrzsFCe/h53Yk4Ak4RBU

Score
6/10
discoverypersistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\119.unp.exe
    "C:\Users\Admin\AppData\Local\Temp\119.unp.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:584

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads