Overview

overview

10

Static

static

5

PERM 11-12...ol.exe

windows10-ltsc 2021-x64

10

PERM 11-12...gs.vbs

windows10-ltsc 2021-x64

7

PERM 11-12...ll.bat

windows10-ltsc 2021-x64

7

PERM 11-12...64.exe

windows10-ltsc 2021-x64

7

PERM 11-12...86.exe

windows10-ltsc 2021-x64

7

PERM 11-12...64.exe

windows10-ltsc 2021-x64

7

PERM 11-12...86.exe

windows10-ltsc 2021-x64

PERM 11-12...64.exe

windows10-ltsc 2021-x64

7

PERM 11-12...86.exe

windows10-ltsc 2021-x64

7

PERM 11-12...64.exe

windows10-ltsc 2021-x64

7

PERM 11-12...86.exe

windows10-ltsc 2021-x64

7

PERM 11-12...64.exe

windows10-ltsc 2021-x64

7

PERM 11-12...86.exe

windows10-ltsc 2021-x64

7

PERM 11-12...64.exe

windows10-ltsc 2021-x64

4

PERM 11-12...86.exe

windows10-ltsc 2021-x64

4

PERM 11-12...er.exe

windows10-ltsc 2021-x64

10

PERM 11-12...up.exe

windows10-ltsc 2021-x64

7

PERM 11-12...er.bat

windows10-ltsc 2021-x64

3

PERM 11-12...er.exe

windows10-ltsc 2021-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    159s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    12-12-2024 17:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PERM 11-12-2024/Requirement's/Visual-C-Runtimes-All-in-One-Nov-2024/vcredist2015_2017_2019_2022_x86.exe

  • Size

    13.3MB

  • MD5

    8a6f4f3282236325360a9ac4413b7bc3

  • SHA1

    cb617803813e969be73f2e0e175a67620e53aa59

  • SHA256

    dd1a8be03398367745a87a5e35bebdab00fdad080cf42af0c3f20802d08c25d4

  • SHA512

    2c1facb8567a052b4fa65d173b0bda64fa5fded2cddb9073b7c28507ed95414c17d2839d06d5e961617c754cda54d6134964b1aff5c9e9cdfbace71f1de2ac3a

  • SSDEEP

    196608:7LZ7uflpQcIIS/Rj7BWl+aV8t8z72BxBwBgO4D31by0AOGhX4/vxaT2CyMTl2:BklptVYmfr7yBG/4DlTs12GTl2

Score
4/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PERM 11-12-2024\Requirement's\Visual-C-Runtimes-All-in-One-Nov-2024\vcredist2015_2017_2019_2022_x86.exe
    "C:\Users\Admin\AppData\Local\Temp\PERM 11-12-2024\Requirement's\Visual-C-Runtimes-All-in-One-Nov-2024\vcredist2015_2017_2019_2022_x86.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4136
    • C:\Windows\Temp\{47709F73-093A-4FAC-8309-5B822A400987}\.cr\vcredist2015_2017_2019_2022_x86.exe
      "C:\Windows\Temp\{47709F73-093A-4FAC-8309-5B822A400987}\.cr\vcredist2015_2017_2019_2022_x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\PERM 11-12-2024\Requirement's\Visual-C-Runtimes-All-in-One-Nov-2024\vcredist2015_2017_2019_2022_x86.exe" -burn.filehandle.attached=688 -burn.filehandle.self=692
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Temp\{47709F73-093A-4FAC-8309-5B822A400987}\.cr\vcredist2015_2017_2019_2022_x86.exe
    Filesize

    669KB

    MD5

    f7aca1ef43beaa02107214482e6b51d6

    SHA1

    fb5cec36519b148119dec501cec92d894eb3b60a

    SHA256

    169b8f7025b301ffce5402c98c07f9e01bbadce52a2961175b777279f92624a7

    SHA512

    82cf5ebaa0a16e229b82e2dd550d7ab76409c89b4cfb7f163d1cce6d156db737ec5a09a3aa832b4076039665a6044aaeca3a6d311f8264492707ae281bbe7443

    Download Submit

  • C:\Windows\Temp\{F6470D73-D5C4-418E-9160-D5441E16E6BD}\.ba\logo.png
    Filesize

    1KB

    MD5

    d6bd210f227442b3362493d046cea233

    SHA1

    ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

    SHA256

    335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

    SHA512

    464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

    Download Submit

  • C:\Windows\Temp\{F6470D73-D5C4-418E-9160-D5441E16E6BD}\.ba\wixstdba.dll
    Filesize

    215KB

    MD5

    f68f43f809840328f4e993a54b0d5e62

    SHA1

    01da48ce6c81df4835b4c2eca7e1d447be893d39

    SHA256

    e921f69b9fb4b5ad4691809d06896c5f1d655ab75e0ce94a372319c243c56d4e

    SHA512

    a7a799ecf1784fb5e8cd7191bf78b510ff5b07db07363388d7b32ed21f4fddc09e34d1160113395f728c0f4e57d13768a0350dbdb207d9224337d2153dc791e1

    Download Submit