Overview

overview

10

Static

static

8

30bc4934d7...f0.exe

windows7-x64

6

338fdf3626...13.exe

windows7-x64

1

342933cb4c...20.exe

windows7-x64

9

343ace5874...03.exe

windows7-x64

8

34818CE171...49.dll

windows7-x64

8

360390_crypt.exe

windows7-x64

4

360390_tree.cmd

windows7-x64

7

3896f8a370...e_.exe

windows7-x64

7

3a061ee07d...8c.dll

windows7-x64

3

3af4fa2bff...d1.dll

windows7-x64

3

3bb691982d...21.exe

windows7-x64

9

3e3f980ab6...95.exe

windows7-x64

7

3e3f980ab6...26.exe

windows7-x64

7

3e75e8238a..._2.exe

windows7-x64

6

400cad56ff...9a.exe

windows7-x64

9

40b3cb2a21...0c.exe

windows7-x64

9

425c42d610...5F.exe

windows7-x64

7

425c42d610...FF.exe

windows7-x64

7

42d77128db...e7.exe

windows7-x64

7

4561647.exe

windows7-x64

9

457C9141EC...C8.exe

windows7-x64

10

46a9660c57...83.exe

windows7-x64

3

46ca6b1972...FB.exe

windows7-x64

7

46ca6b1972...FC.exe

windows7-x64

7

4e60f3c8ea...5b.exe

windows7-x64

8

4f0b660543...B3.exe

windows7-x64

7

4f0b660543...BB.exe

windows7-x64

7

4f5bff6416...09.exe

windows7-x64

7

Versamento...__.exe

windows7-x64

9

4fda5e7e8e...00.exe

windows7-x64

7

5 Rules for Snort.doc

windows7-x64

7

502de64ee4...c2.exe

windows7-x64

9

Analysis

  • max time kernel
    1790s
  • max time network
    1561s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-11-2024 02:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    425c42d6108db6b6b5cbda7a5417b5f55225c47ac588f5f0a293c2b07a78d14b_TDS=4F9906FF.exe

  • Size

    63KB

  • MD5

    1303adf0a0aa3ff3b4a7c818c452853c

  • SHA1

    330994319ccf08918d0464006ae8221980e177ee

  • SHA256

    425c42d6108db6b6b5cbda7a5417b5f55225c47ac588f5f0a293c2b07a78d14b

  • SHA512

    18915a18963179ee6d5d32a3fc97b55f3073002c1ed9dd24f6fe539f72b9834411ccf6973c5009b6e1fd299465f5e7180b7bc4eb6054f5c4aacbc61c33c634b2

  • SSDEEP

    1536:24sx1uXJZg0vvIL66nqsD2JwAG9MMo5Vl4T/uWKVy6/849XL:2/O5ZzvvH6qsD2Djl4TWWKgghRL

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\425c42d6108db6b6b5cbda7a5417b5f55225c47ac588f5f0a293c2b07a78d14b_TDS=4F9906FF.exe
    "C:\Users\Admin\AppData\Local\Temp\425c42d6108db6b6b5cbda7a5417b5f55225c47ac588f5f0a293c2b07a78d14b_TDS=4F9906FF.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2532

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\mjrhlylwvjduisdifuyzxuncnlzwbruh
    Filesize

    16B

    MD5

    8b0651f5a1036efc1fe7db741d1d2430

    SHA1

    d16cbc0bea654cdd096c5864a2c6ebd5bc6a8b31

    SHA256

    a2c928123158c7bf5e52693ed2b2ef1666e33d30ffba3c1bb3c3b8d112df3889

    SHA512

    2b763e8ab2235d0710bb68d23deada5ca93cbe27fc4f77a4fcbd189bcdbc76393ec388376cd2ad51b2ade3a9690dc661297ff44e64cf689e052fa87416c13cd1

    Download Submit

  • memory/2532-1-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2532-0-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-2-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2532-3-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2532-7-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2532-59-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2532-78-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download