Overview
overview
10Static
static
10Malware-1-master.zip
windows7-x64
1Malware-1-...30.exe
windows7-x64
10Malware-1-...40.exe
windows7-x64
10Malware-1-...32.exe
windows7-x64
10Malware-1-.../5.exe
windows7-x64
10Malware-1-...91.exe
windows7-x64
10Malware-1-...ey.exe
windows7-x64
7Malware-1-....0.zip
windows7-x64
1Malware-1-...ad.exe
windows7-x64
3Malware-1-...ti.exe
windows7-x64
5Malware-1-...an.bat
windows7-x64
7Malware-1-...an.exe
windows7-x64
3Malware-1-...ve.bat
windows7-x64
7Malware-1-...ve.exe
windows7-x64
6Malware-1-...ya.exe
windows7-x64
6Malware-1-...re.exe
windows7-x64
10Malware-1-...ry.exe
windows7-x64
10Malware-1-...ck.exe
windows7-x64
3Malware-1-...he.exe
windows7-x64
10Malware-1-...op.exe
windows7-x64
7Malware-1-...rb.exe
windows7-x64
10Malware-1-...ue.exe
windows7-x64
1Malware-1-...ng.exe
windows7-x64
6Malware-1-...kt.bat
windows7-x64
7Malware-1-...o3.exe
windows7-x64
10Malware-1-...ey.exe
windows7-x64
10Malware-1-.../m.exe
windows7-x64
Malware-1-...o3.exe
windows7-x64
9Malware-1-...dme.md
windows7-x64
3Malware-1-...er.zip
windows7-x64
1Malware-1-...ic.exe
windows7-x64
3Malware-1-...in.exe
windows7-x64
10Resubmissions
17-01-2025 20:14
250117-yz7h3s1qfw 1017-01-2025 20:12
250117-yy9l2sslcr 1017-01-2025 17:25
250117-vy9p9sxpez 1017-01-2025 17:21
250117-vw8eesyjfp 1017-01-2025 14:16
250117-rk9ass1rhk 1017-01-2025 14:12
250117-rhv1ds1lds 1016-01-2025 12:52
250116-p4et7a1mez 1016-01-2025 12:50
250116-p29xjssjep 1016-01-2025 12:49
250116-p2cbaasjam 1013-01-2025 04:35
250113-e7x5tswlfz 10Analysis
-
max time kernel
122s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
12-01-2025 15:53
Behavioral task
behavioral1
Sample
Malware-1-master.zip
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
Malware-1-master/2530.exe
Resource
win7-20240903-en
Behavioral task
behavioral3
Sample
Malware-1-master/2887140.exe
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
Malware-1-master/32.exe
Resource
win7-20240903-en
Behavioral task
behavioral5
Sample
Malware-1-master/5.exe
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
Malware-1-master/96591.exe
Resource
win7-20240729-en
Behavioral task
behavioral7
Sample
Malware-1-master/Amadey.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
Malware-1-master/Blocked-v1.0.zip
Resource
win7-20240903-en
Behavioral task
behavioral9
Sample
Malware-1-master/Download.exe
Resource
win7-20241010-en
Behavioral task
behavioral10
Sample
Malware-1-master/Illuminati.exe
Resource
win7-20240903-en
Behavioral task
behavioral11
Sample
Malware-1-master/MEMZ-Clean.bat
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
Malware-1-master/MEMZ-Clean.exe
Resource
win7-20240903-en
Behavioral task
behavioral13
Sample
Malware-1-master/MEMZ-Destructive.bat
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
Malware-1-master/MEMZ-Destructive.exe
Resource
win7-20240729-en
Behavioral task
behavioral15
Sample
Malware-1-master/Petya.exe
Resource
win7-20241010-en
Behavioral task
behavioral16
Sample
Malware-1-master/Software.exe
Resource
win7-20241023-en
Behavioral task
behavioral17
Sample
Malware-1-master/WannaCry.exe
Resource
win7-20240708-en
Behavioral task
behavioral18
Sample
Malware-1-master/Win32.EvilClusterFuck.exe
Resource
win7-20240903-en
Behavioral task
behavioral19
Sample
Malware-1-master/apache.exe
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
Malware-1-master/butterflyondesktop.exe
Resource
win7-20240903-en
Behavioral task
behavioral21
Sample
Malware-1-master/crb.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
Malware-1-master/eternalblue.exe
Resource
win7-20241023-en
Behavioral task
behavioral23
Sample
Malware-1-master/fear.png.exe
Resource
win7-20241010-en
Behavioral task
behavioral24
Sample
Malware-1-master/getr3kt.bat
Resource
win7-20240903-en
Behavioral task
behavioral25
Sample
Malware-1-master/iimo3.exe
Resource
win7-20241010-en
Behavioral task
behavioral26
Sample
Malware-1-master/jey.exe
Resource
win7-20240708-en
Behavioral task
behavioral27
Sample
Malware-1-master/m.exe
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
Malware-1-master/mo3.exe
Resource
win7-20240903-en
Behavioral task
behavioral29
Sample
Malware-1-master/readme.md
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
Malware-1-master/wannakey-master.zip
Resource
win7-20240903-en
Behavioral task
behavioral31
Sample
Malware-1-master/wintonic.exe
Resource
win7-20240903-en
General
-
Target
Malware-1-master/Download.exe
-
Size
247KB
-
MD5
6a97f4f16e7879967a5c02d143d0bd46
-
SHA1
0898ccf65770813f69bf339462a05a8c6e17be69
-
SHA256
de2274da8cf00dfc6e6e52db43f82210a1fb7fd30016ebdc81347fb2d1f248fa
-
SHA512
0bc14103518a2e234f4e3f4ddc46e91a1ed21c2885fd4eb27d3cf8cd088e4fa4fffcc221ddb404f52794c57d6693b2ce080e797bf33f2322490030e0fce0ac27
-
SSDEEP
3072:ZV3bDzHY2weWeFoyUWfMRBsfpVZynzK4ChhO2IGmXf3Ur3CvZJnodCKJYsUH+Iun:ZBbDzHY0UsfPwUIvOd1
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Download.exe
Processes
Network
-
Remote address:8.8.8.8:53Requestwww.google.ruIN AResponsewww.google.ruIN A142.250.187.227
-
Remote address:142.250.187.227:443RequestGET / HTTP/1.1
Host: www.google.ru
Connection: Keep-Alive
ResponseHTTP/1.1 302 Found
x-hallmonitor-challenge: CgwIpMuPvAYQv-_NoAMSBLXXsFM
Content-Type: text/html; charset=UTF-8
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-L8j8wEywb4TCPln039nVRQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Date: Sun, 12 Jan 2025 15:54:12 GMT
Server: gws
Content-Length: 397
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AZ6Zc-WTXcWOyWEokiKULe_CXe0A7ozKAuMdrjFs_SSC6Mivo7hgPoPLeMo; expires=Fri, 11-Jul-2025 15:54:12 GMT; path=/; domain=.google.ru; Secure; HttpOnly; SameSite=lax
Set-Cookie: __Secure-ENID=25.SE=bypNR83NsPTD_M44JiUgC-pQKOFxndwGaklDA-AjhHWu_zuqz8R7k1YSU659apU6S5BRwlpwrkFwv4XNZH1_SgRtBKPLRJZ4_Ysr13FM7pq36k0jYque20LcHxEpTkz7Wlbxo_rNf9ytDUSdUDr0jhdTl4o5VzULMk19WAz0sC2o4nwsUG6nxjLaf6M6kUwDzgk-gwDBldM; expires=Thu, 12-Feb-2026 08:12:30 GMT; path=/; domain=.google.ru; Secure; HttpOnly; SameSite=lax
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address:8.8.8.8:53Requestwww.google.comIN AResponsewww.google.comIN A142.250.187.196
-
GEThttps://www.google.com/sorry/index?continue=https://www.google.ru/&q=EgS117BTGKTLj7wGIjCrGOzUewh42K4S24IkCZL8P1VmAOU2sBu3xMXATs4Ek-feNNNyHSlf2XunbdsLlpgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMDownload.exeRemote address:142.250.187.196:443RequestGET /sorry/index?continue=https://www.google.ru/&q=EgS117BTGKTLj7wGIjCrGOzUewh42K4S24IkCZL8P1VmAOU2sBu3xMXATs4Ek-feNNNyHSlf2XunbdsLlpgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Host: www.google.com
Connection: Keep-Alive
ResponseHTTP/1.1 429 Too Many Requests
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 3075
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
800 B 6.4kB 10 11
HTTP Request
GET https://www.google.ru/HTTP Response
302 -
142.250.187.196:443https://www.google.com/sorry/index?continue=https://www.google.ru/&q=EgS117BTGKTLj7wGIjCrGOzUewh42K4S24IkCZL8P1VmAOU2sBu3xMXATs4Ek-feNNNyHSlf2XunbdsLlpgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMtls, httpDownload.exe885 B 8.1kB 8 10
HTTP Request
GET https://www.google.com/sorry/index?continue=https://www.google.ru/&q=EgS117BTGKTLj7wGIjCrGOzUewh42K4S24IkCZL8P1VmAOU2sBu3xMXATs4Ek-feNNNyHSlf2XunbdsLlpgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMHTTP Response
429