Overview

overview

10

Static

static

6

D02D012970...94.exe

windows7-x64

1

DBm0yQwt.exe.ViR.exe

windows7-x64

10

ca6ec46ee9...52.apk

windows7-x64

3

calc.exe

windows7-x64

7

ccc71c83c8...B3.exe

windows7-x64

7

ccc71c83c8...68.exe

windows7-x64

7

cd2d085998...-0.dll

windows7-x64

8

cdffb7e75b...ss.exe

windows7-x64

3

cf7382c25a...c9.exe

windows7-x64

6

cgi19-alpt...e_.exe

windows7-x64

7

chrst.exe

windows7-x64

3

ci05l2a.exe

windows7-x64

cl.exe

windows7-x64

7

clean.exe

windows7-x64

3

coinvault.exe

windows7-x64

9

com_loader.exe

windows7-x64

3

csrss.ex_.exe

windows7-x64

6

d.exe

windows7-x64

3

d0a5cfec8e...B3.exe

windows7-x64

7

d0a5cfec8e...A6.exe

windows7-x64

7

d2164cdbc9...FB.exe

windows7-x64

3

d2164cdbc9...08.exe

windows7-x64

7

d4439055d2..._1.dll

windows7-x64

3

d54d2a216e...96.exe

windows7-x64

7

d5f29750a8...c5.apk

windows7-x64

3

d6c32b0146...4d.zip

windows7-x64

1

d889734783...48.exe

windows7-x64

daaa72f48b...2d.exe

windows7-x64

9

ddbf1840bf...e2.exe

windows7-x64

10

de882c049b..._3.dll

windows7-x64

3

decrypt.exe

windows7-x64

3

decrypted.ex_.exe

windows7-x64

6

Analysis

  • max time kernel
    590s
  • max time network
    377s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-11-2024 03:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ccc71c83c8d9895ef0b375273f9f185dfac63ecd01775e2dc705afe4d48c95e2_TDS=4FAD9768.exe

  • Size

    68KB

  • MD5

    2fbed8e1453f1cf9c9ac43d642df00fc

  • SHA1

    22aa6eeb79e95ff26f0775804152041aeb6df46b

  • SHA256

    ccc71c83c8d9895ef0b375273f9f185dfac63ecd01775e2dc705afe4d48c95e2

  • SHA512

    88043ca993f9fc81ae9a8da8579274796fde3f8bded78e11419fa06cf41466d671b0c50169645f19fa9e683c0b014d24366b31552f561267f03d0f2214578687

  • SSDEEP

    1536:HFxpZTK0l7htEAoWt4EsLGtPx00oipJlzL6oMNbzKl+OJL8LeG:HjpZTKk1te/rLGtPC0NFLnY4R1G

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ccc71c83c8d9895ef0b375273f9f185dfac63ecd01775e2dc705afe4d48c95e2_TDS=4FAD9768.exe
    "C:\Users\Admin\AppData\Local\Temp\ccc71c83c8d9895ef0b375273f9f185dfac63ecd01775e2dc705afe4d48c95e2_TDS=4FAD9768.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2356

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\uexztplsyafcvgjvvvoaevfeldovmsll
    Filesize

    16B

    MD5

    e2598c9e0dcc6d5d57d450caaf9d716b

    SHA1

    c2e7b14276da39e0ca2954d48df14f90827a5b04

    SHA256

    0e61eac9ea9d1a695f07af8ebfb3b92a731d04a15b8e6ba4f303819be5dfa357

    SHA512

    7e2b615347ed06197a260d1c70812a654fc3238576b11daee9ff44e114e19edefc2f62411b3b2c9e6d240878f9b3b336c732cd5a9424d7fea39fa57f4aa19ebe

    Download Submit

  • memory/2356-1-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2356-0-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2356-2-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2356-3-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2356-7-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2356-47-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2356-66-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download