Analysis

  • max time kernel
    63s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64 arch:x86 image:win7-20241010-en locale:en-us os:windows7-x64 system
  • submitted
    20/01/2025, 01:23 UTC

General

  • Target

    aa96e5d2733c99c712a78d3af30cc5fe83bb2aad00d5061c5e287cf7d91c2391.exe

  • Size

    2.2MB

  • MD5

    bcf5559020787f325c89ab5a51e24e2b

  • SHA1

    5132b44f2cc8c7c223ab4406825de6d9b0b9122a

  • SHA256

    aa96e5d2733c99c712a78d3af30cc5fe83bb2aad00d5061c5e287cf7d91c2391

  • SHA512

    0f1e505ef4d96a7265596feb34b3b85f2b18ba786b339cf4f7276b25aea4a9ce1f54a176aaf66b127e1d814386c1151f65ff7ec875c1fcb9c62a2a3eb3209988

  • SSDEEP

    24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZz:0UzeyQMS4DqodCnoe+iitjWwwP

Score
7/10

Malware Config

Signatures

  • Drops startup file 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aa96e5d2733c99c712a78d3af30cc5fe83bb2aad00d5061c5e287cf7d91c2391.exe
    "C:\Users\Admin\AppData\Local\Temp\aa96e5d2733c99c712a78d3af30cc5fe83bb2aad00d5061c5e287cf7d91c2391.exe"
    1⤵
    • Drops startup file
    • Suspicious use of SetThreadContext
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2948
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2772
      • C:\Users\Admin\AppData\Local\Temp\aa96e5d2733c99c712a78d3af30cc5fe83bb2aad00d5061c5e287cf7d91c2391.exe
        "C:\Users\Admin\AppData\Local\Temp\aa96e5d2733c99c712a78d3af30cc5fe83bb2aad00d5061c5e287cf7d91c2391.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2716

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Windows\Parameters.ini

      Filesize

      74B

      MD5

      6687785d6a31cdf9a5f80acb3abc459b

      SHA1

      1ddda26cc18189770eaaa4a9e78cc4abe4fe39c9

      SHA256

      3b5ebe1c6d4d33c14e5f2ca735fc085759f47895ea90192999a22a035c7edc9b

      SHA512

      5fe9429d64ee6fe0d3698cabb39757729b48d525500afa5f073d69f14f791c8aa2bc7ce0467d48d66fc58d894983391022c59035fa67703fefd309ec4a5d9962

    • memory/2716-21-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

    • memory/2716-24-0x0000000000400000-0x000000000043E000-memory.dmp

      Filesize

      248KB

    • memory/2716-19-0x0000000000400000-0x000000000043E000-memory.dmp

      Filesize

      248KB

    • memory/2716-27-0x0000000000400000-0x000000000043E000-memory.dmp

      Filesize

      248KB

    • memory/2716-33-0x0000000000400000-0x000000000043E000-memory.dmp

      Filesize

      248KB

    • memory/2948-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

      Filesize

      4KB

    • memory/2948-17-0x00000000001B0000-0x00000000001B1000-memory.dmp

      Filesize

      4KB

    • memory/2948-16-0x0000000000400000-0x00000000005D3000-memory.dmp

      Filesize

      1.8MB

    • memory/2948-28-0x0000000000400000-0x00000000005D3000-memory.dmp

      Filesize

      1.8MB
