Analysis
-
max time kernel
14s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
23-11-2024 06:47
General
-
Target
19cc94ca0cd1cd58be997a4d9d548821992432909677f0081fc438574233e295.exe
-
Size
251KB
-
MD5
61d208a1a62319e066a08612120dd3a2
-
SHA1
e68bc3d8c57e37a682c5ed7f1b9f66bae3489160
-
SHA256
19cc94ca0cd1cd58be997a4d9d548821992432909677f0081fc438574233e295
-
SHA512
18fecd29ef60a1fa59d7a1fa1915e42274fc94836ef666ec01caf713e3c156b1ae856a18313d5d166263b55ab702df23be5298db36e079bb021a504274536ddb
-
SSDEEP
3072:jbG7N2kDTHUpouwLF8+baewke2/wI5+9KxFztXO88Y1mnFCzGlMPtfut7:jbE/HUMnaosI5+9KXzgzYsnFCzGlMgt7
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\19cc94ca0cd1cd58be997a4d9d548821992432909677f0081fc438574233e295.exe"C:\Users\Admin\AppData\Local\Temp\19cc94ca0cd1cd58be997a4d9d548821992432909677f0081fc438574233e295.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\suss.exeC:\Users\Admin\AppData\Local\Temp\suss.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-