Analysis
-
max time kernel
93s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
24-11-2024 10:12
General
-
Target
$1/$OUTDIR/sftp_plugin/tc_sftp_uninstaller.exe
-
Size
59KB
-
MD5
5587b9b65235807f61d2cea67a726098
-
SHA1
5a0e8ee64b946ae91d8d9e5f17b6e14c9a45dff3
-
SHA256
13257c64f9d820ecd8ae2a3aa198a5f93a7a93773c9153e2dfabf678586c0d08
-
SHA512
fc60c7dba11cb54e76d31f5dc8f7c103c5049c3ca6018a75b7e4394078aa787693a7577202ac872a001f8f4cd77c82fc262489f31f73b1752315f40ef49fea04
-
SSDEEP
768:j9qjtOoh/pZbvc+HX+fFXSJA/mIj6qkzry8F9zGPVzISJRnHzioSe4bU/iXAB8+I:j0joUxZbE+HOI66qkryz9zIMipGqW2
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe"C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
59KB
MD55587b9b65235807f61d2cea67a726098
SHA15a0e8ee64b946ae91d8d9e5f17b6e14c9a45dff3
SHA25613257c64f9d820ecd8ae2a3aa198a5f93a7a93773c9153e2dfabf678586c0d08
SHA512fc60c7dba11cb54e76d31f5dc8f7c103c5049c3ca6018a75b7e4394078aa787693a7577202ac872a001f8f4cd77c82fc262489f31f73b1752315f40ef49fea04