Analysis

  • max time kernel
    148s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30-11-2024 10:54

General

  • Target

    EA7D9B2BC4EE15A1065405D8F5BF0C76.exe

  • Size

    129KB

  • MD5

    fe0f4300da8dfa0ae70791baea2bef2c

  • SHA1

    bed386ebad6b6c209860c6e8822f9770a00a6560

  • SHA256

    5b1fca52fd4bc6dc4aae43b0551164b553852d94a1cee051b653b352ede7f9e3

  • SHA512

    7f0609f7dee98332d9a820c2401f64de72b888de67033778ff6c9326b92c51bef017c8c29291935851656d5d703e88b9ca6daeca5aba9c0403ebd13e4c1ae808

  • SSDEEP

    1536:7Q5UK5dcnRLxHv8qcL90Api4Q9TnMv6WdqdIl2h1w:7oUKkRJ0LLiA44AgLdqX1w

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\EA7D9B2BC4EE15A1065405D8F5BF0C76.exe
    "C:\Users\Admin\AppData\Local\Temp\EA7D9B2BC4EE15A1065405D8F5BF0C76.exe"
    1⤵
    • Adds policy Run key to start application
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\Windows\TT.exe
      "C:\Windows\TT.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:2052

Network

  • flag-us
    DNS
    tshge.mamadody.mobi
    TT.exe
    Remote address:
    8.8.8.8:53
    Request
    tshge.mamadody.mobi
    IN A
    Response
No results found
  • 8.8.8.8:53
    tshge.mamadody.mobi
    dns
    TT.exe
    65 B
    148 B
    1
    1

    DNS Request

    tshge.mamadody.mobi

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\TT.exe

    Filesize

    129KB

    MD5

    fe0f4300da8dfa0ae70791baea2bef2c

    SHA1

    bed386ebad6b6c209860c6e8822f9770a00a6560

    SHA256

    5b1fca52fd4bc6dc4aae43b0551164b553852d94a1cee051b653b352ede7f9e3

    SHA512

    7f0609f7dee98332d9a820c2401f64de72b888de67033778ff6c9326b92c51bef017c8c29291935851656d5d703e88b9ca6daeca5aba9c0403ebd13e4c1ae808

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.