18344d1186a130b07d7f6da7fd4164ae5e03863873df9872bdd4151abef46df3

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-11-2024 18:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18344d1186a130b07d7f6da7fd4164ae5e03863873df9872bdd4151abef46df3.exe
Size

711KB
MD5

137e48d526e2a840e07d309edffaca30
SHA1

294d908562372639119ff5fc7e0e4c8b528bd3f7
SHA256

18344d1186a130b07d7f6da7fd4164ae5e03863873df9872bdd4151abef46df3
SHA512

1d3be4e140809b126022dc09a2e5e65edbd323a0a9b65c89a030038efd08862141fa8a0cc4cd3025a25453cea26ca515d62c934613fa7401b5c251165c9c0edf
SSDEEP

12288:fqmauhQcfY+QL+YaiFTobErR4OgjH28v3moOSF+NhAYU15gwMalxBy2YbfsCtd5Z:5arcfYtL+YakTrrR4V728veSF+N2Gt

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

18344d1186a130b07d7f6da7fd4164ae5e03863873df9872bdd4151abef46df3.exe

pid	Process
2868	18344d1186a130b07d7f6da7fd4164ae5e03863873df9872bdd4151abef46df3.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

18344d1186a130b07d7f6da7fd4164ae5e03863873df9872bdd4151abef46df3.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	18344d1186a130b07d7f6da7fd4164ae5e03863873df9872bdd4151abef46df3.exe

C:\Users\Admin\AppData\Local\Temp\18344d1186a130b07d7f6da7fd4164ae5e03863873df9872bdd4151abef46df3.exe
"C:\Users\Admin\AppData\Local\Temp\18344d1186a130b07d7f6da7fd4164ae5e03863873df9872bdd4151abef46df3.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Roaming\gdi32.dll

Filesize
453KB

MD5
ee85bdd66f4d21a73b522e93399fb2bc

SHA1
bfa09eba3add78d6f35df6b521c1590ebc6fef40

SHA256
400aaa1b80813f928dcbd67ea3bb5939b9338dd336ba3e73eaefc48cceca06f7

SHA512
05518c5ff2a1aaa4e16d167171b8a8ef0e9d48a5760890aa3f7c782549aebc125ec5f2638b6f783c1ffa2e2f65237580082e627ca3fedb98563878e152a0486e

Download Submit
memory/2868-0-0x000000007452E000-0x000000007452F000-memory.dmp

Filesize
4KB

Download
memory/2868-1-0x0000000000AC0000-0x0000000000B78000-memory.dmp

Filesize
736KB

Download
memory/2868-2-0x00000000003B0000-0x00000000003B6000-memory.dmp

Filesize
24KB

Download
memory/2868-7-0x0000000075DB0000-0x0000000075E71000-memory.dmp

Filesize
772KB

Download
memory/2868-8-0x0000000074520000-0x0000000074C0E000-memory.dmp

Filesize
6.9MB

Download