Overview

overview

10

Static

static

10

New Client.exe

windows11-21h2-x64

3

Analysis

  • max time kernel
    22s
  • max time network
    28s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    22-12-2024 04:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    New Client.exe

  • Size

    164KB

  • MD5

    005a5a4863183198513879c736d8eb30

  • SHA1

    8fe0d777ea7db6736079e69bfac72c3059906927

  • SHA256

    fadb5e91412cfef25b3653af5e8df4c11e83fb05f8b2a6669bad2aeb350b6031

  • SHA512

    b00b4688d543f16537c99ca886f22da418fc24ea2726f54ecbc7081e017b30db518582c010a98d9aba11c6fa2f465c9f6a8cdf12e98c04132e2fda5a7b952f6a

  • SSDEEP

    3072:B4CLm/wEvoXxXU3+cdY1c2wLEbvvJ9ybrjrQD:WCpU3+c6dwIDB0b

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 7 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\New Client.exe
    "C:\Users\Admin\AppData\Local\Temp\New Client.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1160
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      dw20.exe -x -s 908
      2⤵
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:3992

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1160-0-0x0000000074881000-0x0000000074882000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1160-1-0x0000000074880000-0x0000000074E31000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1160-2-0x0000000074880000-0x0000000074E31000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1160-9-0x0000000074880000-0x0000000074E31000-memory.dmp

    Filesize

    5.7MB

    Download