Overview
overview
10Static
static
100486218577...d9.exe
windows7-x64
109bfd15145...11.exe
windows7-x64
9141d93e2d4...aa.exe
windows7-x64
1016c2807567...55.exe
windows7-x64
32f41c73046...95.exe
windows7-x64
103e275093a5...01.exe
windows7-x64
10419a809f42...89.exe
windows7-x64
34b10fd0d5e...58.exe
windows7-x64
104d78c439ed...f7.exe
windows7-x64
74f7713dcf8...63.exe
windows7-x64
7597deecbe6...4d.exe
windows7-x64
76b59edf464...e8.exe
windows7-x64
87def3cd43d...d8.exe
windows7-x64
796ba85326e...8a.exe
windows7-x64
797f1b6afb2...2e.exe
windows7-x64
59906747639...1e.exe
windows7-x64
19e1609ab7f...08.exe
windows7-x64
10b7fc91fc1f...37.exe
windows7-x64
7bf179bbd2c...25.exe
windows7-x64
3cfc68c40f4...4f.exe
windows7-x64
6e6e948a0aa...eb.exe
windows7-x64
1f02fe52119...68.exe
windows7-x64
8$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ss.dll
windows7-x64
3secrehosted.exe
windows7-x64
3Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
27-11-2024 09:28
Behavioral task
behavioral1
Sample
04862185775476ae0b6f7e8a02133cb408d212ca17bbff5c20dcfdcf569b3dd9.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral2
Sample
09bfd15145c9d8e39f99d3dfe98337a8c488dc334dfe195d27bdeb5b2459fd11.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral3
Sample
141d93e2d408738bba4f523f60d6ead702424e7d62c34921c8a34150a31870aa.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
16c2807567b31c30288d92c0649ce78ea87434104bac72db407bb45bf65a4855.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral5
Sample
2f41c73046f3b0f5edd79ae089b6b64ec3a0812ea02fe7325b8e5b171a621c95.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral6
Sample
3e275093a5ad4b2083eda47dfd2e9053cae044f7990a323c6f649093a8d00901.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral7
Sample
419a809f42361b2fcff98eb6f201e54ecef532c9b378db06e999f54285032889.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral8
Sample
4b10fd0d5e4370dde456862f810e27b2be1f854356191b9893ab1a65f4af5358.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral9
Sample
4d78c439ed8860a14aebcf79dfef27047a51fc36c514b40b48724cd9340ff6f7.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral10
Sample
4f7713dcf8ad6717ea6eb432774a29317649a512445221dc0a29ed79e48b7663.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral11
Sample
597deecbe673c67d998825bdf4ddeca83f6fbb3bdccec91dabf4f9052713ac4d.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral12
Sample
6b59edf464eaaeac4f4b2f43474e573694429f08c448db770618dc574b6171e8.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral13
Sample
7def3cd43d98a30a04f09be284cab8b8dbf96ecc2e78302f6c45ad524c41d7d8.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral14
Sample
96ba85326e2250f4e1cf07f5981bb96ea1383901663a6354899b5da0cd77b98a.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral15
Sample
97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral16
Sample
9906747639b782d738555a2522acd4a09ca8a3356f7848a4e68f284d888d891e.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral17
Sample
9e1609ab7f01b56a9476494d9b3bf5997380d466744b07ec5d9b20e416b10f08.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral18
Sample
b7fc91fc1fa6a53b1e5d97e21a7abefbde3ca7349d4db0fdbe15ec2702b1b737.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral19
Sample
bf179bbd2ce7ca31e421334efa7d262e30dc16b9bb5cced1b8b18d119adc4425.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral20
Sample
cfc68c40f4631954894898633fd0c5a06c5ce5837eba7d4b56fc3514c01e124f.exe
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral21
Sample
e6e948a0aa3605bbd636ccdfa56e771dfebafa1e150d84f96b1968f8803edbeb.exe
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral22
Sample
f02fe52119ff47fed2e52b28ec2c42a8eae8233b4c588c310dbaef3297b5d768.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral23
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral24
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral25
Sample
secrehosted.exe
Resource
win7-20240903-en
windows7-x64
General
-
Target
97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe
-
Size
9.9MB
-
MD5
35c38b54ec41899c417ec3fcb06cccf4
-
SHA1
3dd53581b2120c467191267f23f021d9d939d899
-
SHA256
97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e
-
SHA512
58010a01088e2817f278ba9c5dd3dc6e05f21c33d1d45797d170b712fdf183eccbd4d6eaee58f73b5eb79fc04b39089fc543cf60be259b62fab1a425ddd3eec4
-
SSDEEP
196608:UQBQji8WWzNfmRUJbeq/gEY8OA33+yzzRZa/viMRLpMXBMJTybG:NB06gNfuUB7/gk33+sz7KpRVGGJTWG
Malware Config
Signatures
-
resource yara_rule behavioral15/memory/2016-0-0x0000000000400000-0x00000000010C3000-memory.dmp upx behavioral15/memory/2016-6-0x0000000000400000-0x00000000010C3000-memory.dmp upx behavioral15/memory/2016-7-0x0000000000400000-0x00000000010C3000-memory.dmp upx behavioral15/memory/2016-8-0x0000000000400000-0x00000000010C3000-memory.dmp upx behavioral15/memory/2016-9-0x0000000000400000-0x00000000010C3000-memory.dmp upx behavioral15/memory/2016-10-0x0000000000400000-0x00000000010C3000-memory.dmp upx behavioral15/memory/2016-11-0x0000000000400000-0x00000000010C3000-memory.dmp upx behavioral15/memory/2016-12-0x0000000000400000-0x00000000010C3000-memory.dmp upx behavioral15/memory/2016-13-0x0000000000400000-0x00000000010C3000-memory.dmp upx behavioral15/memory/2016-14-0x0000000000400000-0x00000000010C3000-memory.dmp upx behavioral15/memory/2016-15-0x0000000000400000-0x00000000010C3000-memory.dmp upx behavioral15/memory/2016-16-0x0000000000400000-0x00000000010C3000-memory.dmp upx behavioral15/memory/2016-17-0x0000000000400000-0x00000000010C3000-memory.dmp upx behavioral15/memory/2016-18-0x0000000000400000-0x00000000010C3000-memory.dmp upx behavioral15/memory/2016-19-0x0000000000400000-0x00000000010C3000-memory.dmp upx behavioral15/memory/2016-20-0x0000000000400000-0x00000000010C3000-memory.dmp upx -
Drops file in Windows directory 2 IoCs
description ioc Process File created C:\windows\KB.reg 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe File created C:\windows\KB.bat 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe 2016 97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe"C:\Users\Admin\AppData\Local\Temp\97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2016