Overview

overview

10

Static

static

3

TT000900_989990.exe

windows7-x64

3

TT000900_989990.exe

windows10-2004-x64

10

TT000900_989990.exe

windows10-ltsc 2021-x64

10

TT000900_989990.exe

windows11-21h2-x64

10

Resubmissions

26-01-2025 23:45

250126-3r38xazkex 10

21-07-2021 16:43

210721-92llwasgkj 10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    26-01-2025 23:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TT000900_989990.exe

  • Size

    894KB

  • MD5

    f343cb0399d345b279de6d50d99f4be9

  • SHA1

    6983c9557f3ab79b9a78f069599080d6988fd0c1

  • SHA256

    451e257b591ad6beacf73a6ff2dc67942fa68cdd453da2784e084d790e66d3df

  • SHA512

    109ab328298c9945aafabe0c306b4ba4534171e40d7ef966ed5e5e14fcc4a87d3ebbc3ff4800fd42fcc78c2d9211b37d37461538f8c79ee3e79fdd5fc429fb19

  • SSDEEP

    12288:BjO5fIDWxzzaaIUGQ44wgdPkp7XLPtdnTJKQiP4Uh+4ryD5exR0xknr5eVLdCmfq:BCO7oUsP2myXx+iKvrG

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TT000900_989990.exe
    "C:\Users\Admin\AppData\Local\Temp\TT000900_989990.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2096
    • C:\Users\Admin\AppData\Local\Temp\TT000900_989990.exe
      "C:\Users\Admin\AppData\Local\Temp\TT000900_989990.exe"
      2⤵
        PID:2808
      • C:\Users\Admin\AppData\Local\Temp\TT000900_989990.exe
        "C:\Users\Admin\AppData\Local\Temp\TT000900_989990.exe"
        2⤵
          PID:2812
        • C:\Users\Admin\AppData\Local\Temp\TT000900_989990.exe
          "C:\Users\Admin\AppData\Local\Temp\TT000900_989990.exe"
          2⤵
            PID:2820
          • C:\Users\Admin\AppData\Local\Temp\TT000900_989990.exe
            "C:\Users\Admin\AppData\Local\Temp\TT000900_989990.exe"
            2⤵
              PID:2884
            • C:\Users\Admin\AppData\Local\Temp\TT000900_989990.exe
              "C:\Users\Admin\AppData\Local\Temp\TT000900_989990.exe"
              2⤵
                PID:3040

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/2096-0-0x000000007432E000-0x000000007432F000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2096-1-0x0000000000330000-0x0000000000414000-memory.dmp

              Filesize

              912KB

              Download

            • memory/2096-2-0x00000000020B0000-0x0000000002128000-memory.dmp

              Filesize

              480KB

              Download

            • memory/2096-3-0x0000000074320000-0x0000000074A0E000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/2096-4-0x0000000000460000-0x0000000000476000-memory.dmp

              Filesize

              88KB

              Download

            • memory/2096-5-0x0000000074320000-0x0000000074A0E000-memory.dmp

              Filesize

              6.9MB

              Download