Overview

overview

10

Static

static

10

0.46582298...58.exe

windows7-x64

7

00331dd25b...3a.exe

windows7-x64

10

065988f36f...a0.exe

windows7-x64

3

0826716413...57.exe

windows7-x64

10

08cf8ed94c...a4.exe

windows7-x64

10

0997ba7292...3c.exe

windows7-x64

3

0b7996bca4...5f.exe

windows7-x64

0c3431dbb8...ui.dll

windows7-x64

5

0cd7440ca9...bc.exe

windows7-x64

10

100b8bfff5...ir.exe

windows7-x64

3

101.ex_.exe

windows7-x64

3

119.executable.exe

windows7-x64

6

119.unp.exe

windows7-x64

6

11abb44de5...47.exe

windows7-x64

10

11fb52c968...22.exe

windows7-x64

10

123.exe

windows7-x64

1

139.exe

windows7-x64

1

13E418BF18...73.dll

windows7-x64

3

144.exe

windows7-x64

1

17697e1829...44.dll

windows7-x64

3

19561b3379...er.exe

windows7-x64

10

19ec0d0e51...C5.exe

windows7-x64

7

1a6bed2aff...f2.exe

windows7-x64

10

1f210c60f9...40.exe

windows7-x64

10

1f3509cc11...dd.exe

windows7-x64

10

20c6d29da8...7d.exe

windows7-x64

9

234e77145d...2d.exe

windows7-x64

10

263fc6fc9e...32.exe

windows7-x64

9

2e0da054d0...23.zip

windows7-x64

9

Compenso.P...__.exe

windows7-x64

9

301a3f5017...5f.exe

windows7-x64

10

30620.ex_.exe

windows7-x64

10

Analysis

  • max time kernel
    300s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    22-11-2024 02:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0997ba7292ddbac1c7e7ade6766ed53c.exe

  • Size

    40KB

  • MD5

    0997ba7292ddbac1c7e7ade6766ed53c

  • SHA1

    d63ff86f05b6f2fb86abf0dcd16cd2008fa3c158

  • SHA256

    3208efe96d14f5a6a2840daecbead6b0f4d73c5a05192a1a8eef8b50bbfb4bc1

  • SHA512

    62fa4f721bfc1800044e794bf97a2608640731f03f5b548779b28c4e401c38a4743cf8318a45f96e3d26677449e26b272b59209f3319c5e7a2f5da0584ccf837

  • SSDEEP

    768:qqsKtER6RyqAaeN5E62J7hHKr3jzK8zBkTcbI9fN2PjM9J7YoztYcF0Kc6K:qqZQQyqA7wFJ7ZKr3XnaTc8KjmJ5j0KY

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0997ba7292ddbac1c7e7ade6766ed53c.exe
    "C:\Users\Admin\AppData\Local\Temp\0997ba7292ddbac1c7e7ade6766ed53c.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1724

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1724-0-0x000000007469E000-0x000000007469F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1724-1-0x00000000003D0000-0x00000000003E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1724-2-0x0000000074690000-0x0000000074D7E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1724-15-0x0000000074690000-0x0000000074D7E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1724-38-0x0000000074690000-0x0000000074D7E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1724-39-0x000000007469E000-0x000000007469F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1724-40-0x0000000074690000-0x0000000074D7E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1724-41-0x0000000074690000-0x0000000074D7E000-memory.dmp

    Filesize

    6.9MB

    Download