Analysis
-
max time kernel
291s -
max time network
239s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22-11-2024 03:31
General
-
Target
freegaza_israeli_killers.exe
-
Size
345KB
-
MD5
685a8933f565793c2bf54770b3286bbe
-
SHA1
85f5e2bb703c836c2a29045d6fc15ef81804f938
-
SHA256
8acccd48ee73b7eccbc3622341ea33f9e07dbcdcd6e07f8b01fb630015a44659
-
SHA512
40a85e1d8f0f80120bd413efece18ed5983ffdea316ddedd760c487da535803ae6b904f97b32c8732cca3bc8f6e6ea4f440849281a0d3c541d26a4489c3383a4
-
SSDEEP
6144:gSUomEUi3+sMZ3xEYIrQ3XFp6/ZLk5rmrL0bl+oanFvRB4ulqTyO0A:xUomEFRu3xEPEOBermMetRBXw0A
Malware Config
Signatures
-
Drops startup file 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 4 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 26 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\freegaza_israeli_killers.exe"C:\Users\Admin\AppData\Local\Temp\freegaza_israeli_killers.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Ponmsiyyks.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Ponmsiyyks.exe"2⤵
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c copy "C:\Users\Admin\AppData\Local\Temp\RarSFX0\*.*" "C:\Users\Admin\AppData\Roaming\Xrxoeoa"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"3⤵
- System Location Discovery: System Language Discovery
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
19KB
MD55c3e56ea2b8a49c1808d63cc6cc817f0
SHA181b1d8a3c6ef528c08dc388298e54d782fe903ec
SHA2563a9ba30f48997c0546ef1977a7f95a112fcad6ece91cfdd820ff88a51ff70e84
SHA5121acfabd8f414c704494dcc9d6093ec738c3de0a5a0a0c25a63e1355463feed5458e154c78c788d00692673ca4ce388e373ae27fea21ebc3f954bf3e1aa206eb6
-
Filesize
99KB
MD5293caf9072efec18b7eef903f3a2c7f4
SHA1de3016203919311f27b83b6981ee6eef9de7baa2
SHA256e368372210f645faaed24c1fa27b1c737c3dd3c1578fba9e8487149bff40b835
SHA512f5b38d29d1601f751b8a91c6af8f407860d230727626fda5949a1fb55c6b2a7c5da1f24132b9e72d77536df69a8f65b1b102ee02cad2d83059435db3b76d2c0a
-
Filesize
9.5MB
MD58df08dd868e16f24b01fe06719040cb2
SHA1f730c013121eab0c6157081aa8bd972389a87cbb
SHA256b05e06ab6e885de6f8646d6b9ffc8cc4aa8f285e656fd0738bb7cffb5c9d4f21
SHA512b15963c22d9e7cbbbf2b7645b576cdecd65357a3525fa5d73a80aaadc2d08c2d578786085db8517819366242263222337bf28f9fd601678a5266d90f899bee7b
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
4KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
4KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB