Analysis

  • max time kernel
    104s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08-01-2025 10:11

General

  • Target

    ActiveSync.exe/ActiveSync.exe

  • Size

    3.7MB

  • MD5

    d9ab5ec0952f1927aa013a9fb92d154e

  • SHA1

    0f956f83b3db92b8017ef9450bf97c2bb0c170ab

  • SHA256

    5f73318a2f599782b3f74cac4b200d0bd19ca7083551643db6972704992e8005

  • SHA512

    be22fe9f0e6f121214720b6c4b6ac86b6edc3d8b75a65b9c0cb82ccd18c6baa6dde05b8d6b6b39046ebe2ef20c254a0a05d624c700c877d4221b381be6281dcc

  • SSDEEP

    49152:k1JkqNY5gjjwtvJ6D4qYjE2DfOzcOzxAfEQjCsnrBU54+ZKlBtvtMt0+Jf1Gzyyi:k1JkqNYWjk6M3DfOzcOpcCsrBU54+mL

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ActiveSync.exe\ActiveSync.exe
    "C:\Users\Admin\AppData\Local\Temp\ActiveSync.exe\ActiveSync.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2596

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2596-0-0x00000000042D0000-0x0000000005FC1000-memory.dmp

    Filesize

    28.9MB

  • memory/2596-3-0x00000000025E0000-0x00000000042C5000-memory.dmp

    Filesize

    28.9MB

  • memory/2596-5-0x0000000000860000-0x0000000000873000-memory.dmp

    Filesize

    76KB