Overview

overview

10

Static

static

10

0a9f79abd4...51.exe

windows7-x64

3

0a9f79abd4...51.exe

windows10-2004-x64

3

0di3x.exe

windows7-x64

10

0di3x.exe

windows10-2004-x64

10

2019-09-02...10.exe

windows7-x64

10

2019-09-02...10.exe

windows10-2004-x64

10

2c01b00772...eb.exe

windows7-x64

10

2c01b00772...eb.exe

windows10-2004-x64

7

31.exe

windows7-x64

10

31.exe

windows10-2004-x64

10

3DMark 11 ...on.exe

windows7-x64

3

3DMark 11 ...on.exe

windows10-2004-x64

3

42f9729255...61.exe

windows7-x64

10

42f9729255...61.exe

windows10-2004-x64

10

5da0116af4...18.exe

windows7-x64

7

5da0116af4...18.exe

windows10-2004-x64

10

69c56d12ed...6b.exe

windows7-x64

10

69c56d12ed...6b.exe

windows10-2004-x64

10

905d572f23...50.exe

windows7-x64

10

905d572f23...50.exe

windows10-2004-x64

10

948340be97...54.exe

windows7-x64

10

948340be97...54.exe

windows10-2004-x64

10

Archive.zi...3e.exe

windows7-x64

8

Archive.zi...3e.exe

windows10-2004-x64

8

DiskIntern...en.exe

windows7-x64

3

DiskIntern...en.exe

windows10-2004-x64

3

ForceOp 2....ce.exe

windows7-x64

7

ForceOp 2....ce.exe

windows10-2004-x64

7

HYDRA.exe

windows7-x64

10

HYDRA.exe

windows10-2004-x64

10

KLwC6vii.exe

windows7-x64

1

KLwC6vii.exe

windows10-2004-x64

1

Resubmissions

01-02-2025 10:25

250201-mf4saszmgl 10

01-02-2025 10:23

250201-metkyaxqdt 10

25-01-2025 13:32

250125-qtfjeawpap 10

25-01-2025 13:32

250125-qtdptawpak 10

24-01-2025 13:12

250124-qfz1wszmcs 10

18-01-2025 16:31

250118-t1f1asxqft 10

Analysis

  • max time kernel
    92s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-01-2025 13:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0a9f79abd48b95544d7e2b6658637d1eb23067a94e10bf06d05c9ecc73cf4b51.exe

  • Size

    355KB

  • MD5

    b403152a9d1a6e02be9952ff3ea10214

  • SHA1

    74fc4148f9f2979a0ec88ffa613c2147c4d5e7e5

  • SHA256

    0a9f79abd48b95544d7e2b6658637d1eb23067a94e10bf06d05c9ecc73cf4b51

  • SHA512

    0ac24ef826ae66bbba8bd5de70cb491d765ae33659452da97605701b3a39a33933f9d2795af1e8a8615cc99ae755fccc61fc44737122067eb05d7b1c435a4ec8

  • SSDEEP

    6144:Fs3o0YvJiTQLmCUmLG0HhLjSKHkYp6dDERdBHMlU8LF:Fs3FmDL5P6YpaAt8LF

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a9f79abd48b95544d7e2b6658637d1eb23067a94e10bf06d05c9ecc73cf4b51.exe
    "C:\Users\Admin\AppData\Local\Temp\0a9f79abd48b95544d7e2b6658637d1eb23067a94e10bf06d05c9ecc73cf4b51.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:640
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 1628
      2⤵
      • Program crash
      PID:1468
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 640 -ip 640
    1⤵
      PID:2472

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/640-0-0x00000000753AE000-0x00000000753AF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/640-1-0x0000000000BB0000-0x0000000000C10000-memory.dmp

      Filesize

      384KB

      Download

    • memory/640-2-0x0000000005C70000-0x0000000006214000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/640-3-0x00000000055E0000-0x0000000005672000-memory.dmp

      Filesize

      584KB

      Download

    • memory/640-5-0x00000000753A0000-0x0000000075B50000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/640-4-0x00000000057B0000-0x00000000057BA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/640-6-0x0000000008340000-0x000000000886C000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/640-7-0x00000000080A0000-0x00000000080BC000-memory.dmp

      Filesize

      112KB

      Download

    • memory/640-8-0x00000000753AE000-0x00000000753AF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/640-9-0x00000000753A0000-0x0000000075B50000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/640-10-0x0000000008A50000-0x0000000008A9C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/640-11-0x0000000008B40000-0x0000000008BDC000-memory.dmp

      Filesize

      624KB

      Download

    • memory/640-12-0x00000000753A0000-0x0000000075B50000-memory.dmp

      Filesize

      7.7MB

      Download