Overview

overview

7

Static

static

3

b81b2c803a...9N.exe

windows7-x64

7

b81b2c803a...9N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    11-01-2025 06:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b81b2c803a4b1f50f3ce31e2de53b051c57fdd5b5bb251f1ca2bc58e636b54b9N.exe

  • Size

    495KB

  • MD5

    0f8c7fc867f987eefaad290f233a8380

  • SHA1

    7a69859441dbc831361dc1cf5667f532b47a2b03

  • SHA256

    b81b2c803a4b1f50f3ce31e2de53b051c57fdd5b5bb251f1ca2bc58e636b54b9

  • SHA512

    6b0dd00f3b038023f05502916a062ab5590e9fc209c5ffe19568b4502087c1888aff9c6a3dfed1f710ed03e122f3e704e6606f25c092e088e4ae67f0432c7c63

  • SSDEEP

    6144:t6LT6OYdZFo/Dj9lEYenWS1uH9vd/he9Bm9lsqPm5C/vOTKsMiCKEU5uK1ltzqtR:0LTF9jvEZ3CmW9lsq+eYzk

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b81b2c803a4b1f50f3ce31e2de53b051c57fdd5b5bb251f1ca2bc58e636b54b9N.exe
    "C:\Users\Admin\AppData\Local\Temp\b81b2c803a4b1f50f3ce31e2de53b051c57fdd5b5bb251f1ca2bc58e636b54b9N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2736
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\del.cmd" "
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2880
      • C:\Windows\SysWOW64\timeout.exe
        TIMEOUT /T 1 /NOBREAK
        3⤵
        • System Location Discovery: System Language Discovery
        • Delays execution with timeout.exe
        PID:3064

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\del.cmd
    Filesize

    184B

    MD5

    2c7af1001fbe578c6b743375571b5e49

    SHA1

    0760eab23f7d3362ffdfe4fd862f5b946fadd40b

    SHA256

    514bf131237ed36bafcfb51b55e8bdb4ad3683a41687092208657f5f3b163688

    SHA512

    344c3e23de569a8f287e902ea9e41f93c0c2a27e420b56161057f9856244ec08b4d1873f358e9c07db31344c282ac4f7b226bfae239f29ae71a968f19d1d8607

    Download Submit