Overview

overview

10

Static

static

3

fa84aaca64...24.exe

windows7-x64

10

fa84aaca64...24.exe

windows10-2004-x64

10

$PLUGINSDI...og.dll

windows7-x64

3

$PLUGINSDI...og.dll

windows10-2004-x64

3

0/Setup.exe

windows7-x64

3

0/Setup.exe

windows10-2004-x64

3

039F3.dll

windows7-x64

1

039F3.dll

windows10-2004-x64

1

039F4.js

windows7-x64

3

039F4.js

windows10-2004-x64

3

1/333.exe

windows7-x64

3

1/333.exe

windows10-2004-x64

3

2/babka.cmd

windows7-x64

6

2/babka.cmd

windows10-2004-x64

6

Ionic.Zip.dll

windows7-x64

1

Ionic.Zip.dll

windows10-2004-x64

1

SibClr.dll

windows7-x64

3

SibClr.dll

windows10-2004-x64

3

Sibjs.exe

windows7-x64

3

Sibjs.exe

windows10-2004-x64

3

Sibuia.exe

windows7-x64

3

Sibuia.exe

windows10-2004-x64

3

Zip.dll

windows7-x64

1

Zip.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    28-01-2025 13:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1/333.exe

  • Size

    323KB

  • MD5

    f76410e6255ed89c286c35b7b7c5269a

  • SHA1

    8a22735312d9a4692350464b107ed5872bf2527e

  • SHA256

    0b8c0c908da39e77e0ef2f4b3b0eb96f3709d052252e0eae619790c61fc42b81

  • SHA512

    51792ac3843450672ede7a44e1dab0509b26e1ab4d2fa93d08c0d25644920bc5afbeb35372cf55a99fa624f61c5e1188ee9d3bff58808c9b3d7c8f61c95435d7

  • SSDEEP

    3072:mnWSR+jounK7NAKDjiBmKbOUEuQvS/bcwWE2wup3vMRU6RLvHEd9VhMCyqKbv83w:NTouKrWBEu3/Z2lpGDHU3ykJvPJfbC//

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1\333.exe
    "C:\Users\Admin\AppData\Local\Temp\1\333.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1924

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads