Overview
overview
10Static
static
10Remouse.Mi...cg.exe
windows11-21h2-x64
3SecuriteIn...dE.exe
windows11-21h2-x64
10SecuriteIn...ee.dll
windows11-21h2-x64
10SecurityTa...up.exe
windows11-21h2-x64
4Treasure.V...ox.exe
windows11-21h2-x64
3VyprVPN.exe
windows11-21h2-x64
10WSHSetup[1].exe
windows11-21h2-x64
3Yard.dll
windows11-21h2-x64
10b2bd3de3e5...2).exe
windows11-21h2-x64
10b2bd3de3e5...3).dll
windows11-21h2-x64
10b2bd3de3e5...4).dll
windows11-21h2-x64
10cd9ccf8681...f7.exe
windows11-21h2-x64
10cobaltstri...de.exe
windows11-21h2-x64
10default.exe
windows11-21h2-x64
10ec4f09f82d...d3.exe
windows11-21h2-x64
10efd97b1038...ea4.js
windows11-21h2-x64
3emotet_exe...04.exe
windows11-21h2-x64
10emotet_exe...23.exe
windows11-21h2-x64
10eupdate.exe
windows11-21h2-x64
3f4f47c67be...3f.exe
windows11-21h2-x64
10fb5d110ced...9c.exe
windows11-21h2-x64
6fee15285c3...35.exe
windows11-21h2-x64
10file(1).exe
windows11-21h2-x64
1file.exe
windows11-21h2-x64
7gjMEi6eG.exe
windows11-21h2-x64
10good.exe
windows11-21h2-x64
5hyundai st...1).exe
windows11-21h2-x64
10hyundai st...10.exe
windows11-21h2-x64
10infected d...er.exe
windows11-21h2-x64
10inps_979.xls
windows11-21h2-x64
1jar.jar
windows11-21h2-x64
10june9.dll
windows11-21h2-x64
10Resubmissions
04-12-2024 19:31
241204-x8wmhaxmcv 1004-12-2024 11:47
241204-nybd5szkdq 1004-12-2024 11:40
241204-nsybqazjek 1004-12-2024 11:35
241204-np1bxatqgz 1003-12-2024 19:23
241203-x381msvpgj 1003-12-2024 16:27
241203-tyez8atjdv 10Analysis
-
max time kernel
87s -
max time network
204s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system -
submitted
04-12-2024 11:40
Static task
static1
Behavioral task
behavioral1
Sample
Remouse.Micro.Micro.v3.5.3.serial.maker.by.aaocg.exe
Resource
win11-20241007-en
Behavioral task
behavioral3
Sample
SecuriteInfo.com.Generic.mg.cde56cf0169830ee.dll
Resource
win11-20241007-en
Behavioral task
behavioral4
Sample
SecurityTaskManager_Setup.exe
Resource
win11-20241007-en
Behavioral task
behavioral5
Sample
Treasure.Vault.3D.Screensaver.keygen.by.Paradox.exe
Resource
win11-20241007-en
Behavioral task
behavioral6
Sample
VyprVPN.exe
Resource
win11-20241007-en
Behavioral task
behavioral7
Sample
WSHSetup[1].exe
Resource
win11-20241007-en
Behavioral task
behavioral8
Sample
Yard.dll
Resource
win11-20241007-en
Behavioral task
behavioral9
Sample
b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb (2).exe
Resource
win11-20241007-en
Behavioral task
behavioral10
Sample
b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb (3).dll
Resource
win11-20241023-en
Behavioral task
behavioral11
Sample
b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb (4).dll
Resource
win11-20241007-en
Behavioral task
behavioral12
Sample
cd9ccf8681ed1a5380f8a27cd6dc927ab719b04baa6c6583a0c793a6dc00d5f7.exe
Resource
win11-20241007-en
Behavioral task
behavioral13
Sample
cobaltstrike_shellcode.exe
Resource
win11-20241007-en
Behavioral task
behavioral14
Sample
default.exe
Resource
win11-20241007-en
Behavioral task
behavioral15
Sample
ec4f09f82d932cdd40700a74a8875b73a783cbaab1f313286adf615a5336d7d3.exe
Resource
win11-20241007-en
Behavioral task
behavioral16
Sample
efd97b1038e063779fb32a3ab35adc481679a5c6c8e3f4f69c44987ff08b6ea4.js
Resource
win11-20241007-en
Behavioral task
behavioral17
Sample
emotet_exe_e1_ef536781ae8be4b67a7fb8aa562d84994ad250d97d5606115b6f4e6e2992363f_2020-11-17__174504.exe
Resource
win11-20241007-en
Behavioral task
behavioral18
Sample
emotet_exe_e3_93074e9fbde60e4182f5d763bac7762f2d4e2fcf9baf457b6f12e7696b3562c1_2020-11-17__182823.exe
Resource
win11-20241007-en
Behavioral task
behavioral19
Sample
eupdate.exe
Resource
win11-20241023-en
Behavioral task
behavioral20
Sample
f4f47c67be61d386e7d757ff89825fa630dd5cc4ed600b5471f9cc18c21e983f.exe
Resource
win11-20241007-en
Behavioral task
behavioral21
Sample
fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
Resource
win11-20241007-en
Behavioral task
behavioral22
Sample
fee15285c36fa7e28e28c7bb9b4cd3940ef12b9907de59d11ab6e2376416d35.exe
Resource
win11-20241007-en
Behavioral task
behavioral23
Sample
file(1).exe
Resource
win11-20241007-en
Behavioral task
behavioral24
Sample
file.exe
Resource
win11-20241007-en
Behavioral task
behavioral25
Sample
gjMEi6eG.exe
Resource
win11-20241007-en
Behavioral task
behavioral26
Sample
good.exe
Resource
win11-20241023-en
Behavioral task
behavioral27
Sample
hyundai steel-pipe- job 8010(1).exe
Resource
win11-20241007-en
Behavioral task
behavioral28
Sample
hyundai steel-pipe- job 8010.exe
Resource
win11-20241007-en
Behavioral task
behavioral29
Sample
infected dot net installer.exe
Resource
win11-20241007-en
Behavioral task
behavioral30
Sample
inps_979.xls
Resource
win11-20241007-en
Behavioral task
behavioral31
Sample
jar.jar
Resource
win11-20241007-en
General
-
Target
SecurityTaskManager_Setup.exe
-
Size
2.9MB
-
MD5
444439bc44c476297d7f631a152ce638
-
SHA1
820fcb951d1ac8c2fda1a1ae790f52eb1f8edf2e
-
SHA256
bc2d5417a6bf47d53c20c280f6e4b1a3e00dc0b6bbd3e26b2e591fd2f2dc4cc3
-
SHA512
160f4b095d37a9f4c6279a4a19f072e170c5f819d0e8e588b2503711b9e2eaac9567b48a9e42bf15af50ba60e64ef97a64e003230369aec0b032cb2030fdca00
-
SSDEEP
49152:4s+HgXcROcfipeyNcRmyQLCUOE+N+2JLKmltavtaKhGiD79l+90U:4s+9ROcapelxQLGEjscg6939l+V
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
Processes:
setup.exepid Process 2312 setup.exe -
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
SecurityTaskManager_Setup.exesetup.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SecurityTaskManager_Setup.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language setup.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
SecurityTaskManager_Setup.exedescription pid Process procid_target PID 3548 wrote to memory of 2312 3548 SecurityTaskManager_Setup.exe 77 PID 3548 wrote to memory of 2312 3548 SecurityTaskManager_Setup.exe 77 PID 3548 wrote to memory of 2312 3548 SecurityTaskManager_Setup.exe 77
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecurityTaskManager_Setup.exe"C:\Users\Admin\AppData\Local\Temp\SecurityTaskManager_Setup.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3548 -
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\setup.exe".\setup.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2312
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
128KB
MD5694ba0b43cc2ec5055a7ffa3c4fc3aae
SHA112863f8925bda943ea510239820be15242b6f1f9
SHA256a771e2f459f171469c5ef3407034a7dda4ece86f5b4db943cc728696daad6295
SHA51212ecac18707a10adf3b62187d298c3fe34f54773321439aa9765394f98cd398af5123cc2c0d912f4c86020d960455691b6a7e94f9bf5f1472108bd6395a38f9b
-
Filesize
37KB
MD589f324a12d6e19b549027d3d7bfb7ae8
SHA1a12479a93c5a70eaf5c4d606dddddefef05ef26e
SHA256ab2386fff64d22e64fb1e553286996232980706683245806f185fd2f423fbdb5
SHA512a0e1707719dd4d998f4e02df7672e75723b7dfc7e4f05f02741f059e6a69cc4444b805b9d7ac40ea53e97cd9ed2d89b0314b2b61105416582d6e9bea9965a8b5
-
Filesize
35KB
MD50d76174d68f5fce7e150c972eeacef9c
SHA14adc44d638859253e3befa3407fdbde8866a5456
SHA256d5a4b68cdf201c17b466bc75d29e91b43dca6abda228caf2b6752e09b8a19058
SHA5122ca4cbc1ef23a0b11bd32cff0824b655285d4c8f5535e7113f915e607361211e20ab28e6f5f1da2a26190141809f233434135c27598b6a7f14d4376cfb916f52
-
Filesize
34KB
MD51325b58debc1e7a46c705a44b4504734
SHA1d68af1fc501342923a23569bb058a7e1510c93da
SHA256d740c5e0e760f7c7547b98d8ff67efa8cc2558fd05c1e086f25919fda5e681f6
SHA5127427b50a0ca11bc74f9182c0ad2952b7a0495d75b53b8bae4fa88ce8b615bb905171fa7883a8ce6c93b778a36e579b8963646b7aeee5a4c2569a0e562f6bb56c
-
Filesize
39KB
MD5b33fed70df15a44085aa88647d211c81
SHA12ff758266c852d72a6c9aa001c4cb7f50ef15a76
SHA256a097180501190a3efee4f776485a072a8ba3ec77ae3052932d602b4dfc767738
SHA512f03330183172e48174c8603dd4ab371b03650ddc9c96941c1cfd9e5b394a60f98a6046d41916992bb8ce42400cb91d7976e4aa2822ee69f950d3e9c7e382d966
-
Filesize
36KB
MD5b930f96bb386f7e289310c3f5063178a
SHA1955a30d309d0dd17d289b918a611bdd9de43cc5d
SHA256f49bf79f10c2af50e0a584d8f619551b21fe14683f2908ec552fb8364ddbc28a
SHA512d4a47caf59956e67eaef294ce3e8732365eaf7623d2933b11d7758f80a4b92637dcdbe95ea1a1674f1b69a0b2ee3f97ba529c623c9e7ac9ca585464c0cc0c7aa
-
Filesize
36KB
MD534c121268b1c3fce53172b3933b075a3
SHA1c44fa37db476886859aaef75878dd7806a7ab518
SHA256f974ea70d717e59d27fa566eeae52831537207ad4bb6308ed93e387f5fced2c4
SHA5126f2aed20f2ea8bc028f923918a4f2b5af131584af94f51536cdd6ba59ba389a8ad52c586226911d67af9d17b53151d677fe190ec0df4f16d5ace189ca3e503eb
-
Filesize
36KB
MD57d873c6c96a6725c7b0cb5dfb1a09e87
SHA1dae7dd06dd465fc4f98d14d027025eef10c5bf77
SHA25605dbe3b460b51194c276b9fa2b41292ec52e5e408fa005950f027cf11fb2bc26
SHA512f5f98f46ae0cfb379f7de9258d12287c2f580181ef713af8a9a0b3f81cbc9cab1c9295e18244989bc875dd177f5f6727431cd0dc8b61dade61acdff09677e398
-
Filesize
39KB
MD53184a1d71306f0b0b2f73169520c1029
SHA159d84aa3bd19d6f2aad47450bb7c28da97057e11
SHA2561dd3e5d60c64b21c265f4635473f9dfde10d1818f7a6ecb3693089c9e225d390
SHA512bf7813a1410ff8e6a2fca41229147c121a85dab9dceed79a03e5e174eff98fe02c9e031c40c85e27c6af8a55de976983078d641da51a323c6ead8f3e7362719a
-
Filesize
39KB
MD5a54d196a3a36ba5224d4c409489fda77
SHA195f6502f4f827f2b70c4aba2ceb8c9a6af9e439c
SHA256a92d6b1995801bb2e13b8362bacdf2aeaa4efc5abe7a292c1446f60aae553158
SHA512b774d369c66192ff1ec4cde1f5b11c8e2ef4d856d65bcb0abdee855a7fb41af6a9eebc88934722e13f09ed2d9679986c2556b26d28258778bbd2fbc04e8667ef
-
Filesize
40KB
MD56fa6baead051fa1ea55a9d617d74843e
SHA163adad9e223d3611243478c813906dea3de80115
SHA256dfcd1e48dcaab1ca041c937a81774ef753cd0e9e3b0eddcc0b4c084585b0ef4f
SHA51270ed25b4258ade5eda92c6bf3427217cb9dd78b7e843586198de24fcb1ee31a3b0d10613a3d18b06ebc7e2867a5111af5fb7cb7674fd55149767f038f3f771ff
-
Filesize
34KB
MD50e62e49c4a1868113e00e266d39c47a5
SHA12be41ae1857c30caf6e1124b51652ffc35779034
SHA2561f6e19ca7500dd3193bdb2d384fe1feed96c1b1dbd9e58c4a27c71b90cb10cfe
SHA5125a8ac80e582545b6d193db5b5e2013aa7ddc7f6e830f5cb497a4a2c1ec31c6dac382157cc0b0f0b8cf17e7247dbb9a094198131fe66e4f58c1c71a5749d2702a
-
Filesize
31KB
MD5992c0dde82beac0c0eb86b137744c196
SHA18ee1cfccac49a5b9df6d8f3572ecfcbe592676cf
SHA256312980aa8444655137044d3323ed0f5f3d6d2d4d503512e029ffa4429d92fa6e
SHA512074caed4ef7044c032960e3aa4240338356323fb3f880588bf35775dca462acfaf792a14d11113f7e814c19d7e947fed15ddec5f764d3b9a896c36a941192541
-
Filesize
34KB
MD5179fe4667bfe1d977d687493f59d7adb
SHA1b3d900debc52ff3e77fb426636968c1f1feb2800
SHA2563e7fe5d3b0095143d86173fd99775d8d0065eaafcf9dd683692062e026879922
SHA512358d51d4f07207ec3017386458d3073e657636505c09cbe1b7e31b3cb778926a9a4a517ecb140e661d3b30586f12e94a5a659cd4cf9ac1332030ddfa3f511c52
-
Filesize
35KB
MD5ce3dcf85fa453f3d735005340ef90ae0
SHA12c33a89e2d7853d8b1dc40287485f172476129e3
SHA256f1f0bfd7676420d8668d0676ecce039b84b023dd12ecdcc19ac4b01b1bb9de61
SHA512db7f772511c79e159ef842bc1effe8ede244bdb0757446e97ddd39761c3540a05a2475f11fe90da2b8a9bf0c532cabecb27051a4bbe459387961294fbbb86bd0
-
Filesize
38KB
MD507d5c6cf24d90859e1bbdec962662ac3
SHA12f4f9b6e3f1bdb3de3a44ad98427fc55738d4a8f
SHA256485de5cc9654510903431e32cf7e7b9afaeb0a575bffca7af5f652429654f0b4
SHA512689bd4b50a107cb2035dc8d9757d44d53b8c97a4a6979bb3cc2181cd416f6a5fab0293889c3dcde8887414590ff17df627da504d1936e3883300da411ab6ec90
-
Filesize
37KB
MD557dd15b63e5116d4192756eac357fc77
SHA12e4cbdf15c9b2da2658b6e2df1d7faa26d5563cb
SHA2563692ca1b6e64991835da21e50cd91f2c20395a0a2290655284ec477ed5e241c4
SHA512316c68da136d6b23d40742e5da545acba87e0c9729663afb43f4a12d40505f8f51657de2ee22c7449d1fa072a9505d16759914e019f47d2b64d4f7fdbd120a76
-
Filesize
36KB
MD527775d53a8f8bdd46d2cd07808540fa5
SHA1f9c905347ac04e465583f5b57c0248d3bc052783
SHA2561c0888d6a709c536a3f8f29cea3477c8bd1d91bc7beb68e6854c7228c52555dc
SHA51296e9734ee5c383045f9779348c2977e87c6db249bd51e75667a46d34e105fbb9e99ab68df1ff9aaf092858f751f03996ec6c27b2b35fee7addc300d9642b3306
-
Filesize
38KB
MD51db8fa700e36994c13075acac2b3d1cb
SHA1049a77576da0bed590109cc15129686d72e12399
SHA25600fd546aab44ac4cf4cfd822b249ef7ecfa0a4b8afdd6438ecbfd9705c7ec746
SHA51224a7ed6098c629bd210e0934c13656d6ece22f4da68296ead9a0883ab395afb90c3f37596b8f0007f4ebffef8688a7b1686c1618182a7299ed17da31636d09fd
-
Filesize
34KB
MD537f4289c2977a484189b9ff44a590b8f
SHA18165528ec43e0131d139e6696ed3317bd283d2d0
SHA256ef67f369daf2eaa2878330c076654d4dec001d9e365e35888e82fb10cae2153d
SHA5125684e6d543fffef1e08bb5645c3c4d2e1ae37a03243e9df1c44daf1f40f2514fdff8c7cf702d9c7e78f6dad0a7d93e4ded95ea58442125c85b87621d3839d12d
-
Filesize
37KB
MD5ce97c5cc7ffaa5d6b18d313d4b8eae81
SHA11795b8763718fb31d1e0396567232d9891e49d81
SHA25689ce1dbd43e5d377013f2228de688787350c8f11d908ecbc0ded355c7bc63663
SHA5129efbfa39beb9e032121c57a3d8f713a387dfb7feda44bea4bdad8a80a2626644da324c01315475445974883aaedc0432ca53920f154427151b9b650d0ebbbc66
-
Filesize
33KB
MD5df09a44cde9e14378fe3ddd47a8ca3fe
SHA139d880fd38980a5dde18c1fb94707711a07878fb
SHA25659d771c4d45af27f793c38ee78a2a5c5667f877d7f65313cbad93bd8ec3b1fce
SHA5125a3cf5f280d29496371e4ee8a21966bfd6aaaa208eddf4112d67198ff639798e68338b07ae5b8aeb498c7a3875ce2f42a8f037bf5359ab707d0a6e796510a33c
-
Filesize
1.2MB
MD53733003588acfbc9ff5df9765c80d405
SHA1b52befaf06a525407de46499706ffda1df024263
SHA2560c87006a32e187cb1fef06dc9f19b547c78909e88ab59cc89d7b53aebbae9b4a
SHA512b6c94eabecb85a507395c4a6c3717471bf2486d5b4dba8d946c0ae960af673455e9ff338f5c6bc33bb55b363c2d6a51fb0660d0aa0d99c6914ffb514f38be32b