Overview

overview

10

Static

static

3

TradingVie...op.exe

windows11-21h2-x64

10

apt/24.10....te.exe

windows11-21h2-x64

1

apt/php/Pu...nt.exe

windows11-21h2-x64

3

apt/php/Pu...en.exe

windows11-21h2-x64

3

apt/php/WinSCP.exe

windows11-21h2-x64

6

apt/php/WinSCP.exe

windows11-21h2-x64

6

apt/php/unins000.exe

windows11-21h2-x64

5

ispell/Acc...ad.exe

windows11-21h2-x64

3

ispell/Ima...es.exe

windows11-21h2-x64

4

ispell/Sou...SC.exe

windows11-21h2-x64

3

ispell/pro...st.exe

windows11-21h2-x64

1

ispell/pro...pp.exe

windows11-21h2-x64

3

ispell/pro...32.exe

windows11-21h2-x64

4

ispell/pro...ce.exe

windows11-21h2-x64

3

ispell/pro...ce.exe

windows11-21h2-x64

1

ispell/pro...ls.exe

windows11-21h2-x64

4

ispell/pro...ce.exe

windows11-21h2-x64

4

ispell/ru-...xe.dll

windows11-21h2-x64

1

ispell/wab.exe

windows11-21h2-x64

3

ispell/wabmig.exe

windows11-21h2-x64

3

Analysis

  • max time kernel
    147s
  • max time network
    164s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    29-01-2025 15:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ispell/wab.exe

  • Size

    504KB

  • MD5

    2b734c88ce7504d441aa362c41086bfa

  • SHA1

    ed7a7b1ffe4a6c5db71dbb8f40ea73db463e5531

  • SHA256

    2681f9a925ad65714e456caef9bc7a61d5206449f7514e9cbc510f63b812f1ad

  • SHA512

    5b76b5fcfb8dc7c8f03e3e1417025aeaf12e781e921d16845faf93db3cdba68b7b1802f97a85f07ace9ef586cfca4a8475a969b4a65450bbdbc3054afe6ab95c

  • SSDEEP

    12288:XTx5KRZ18xtSP+szdcIugOO50MMEMOkP:smxtSP+sJ+O5FWPP

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ispell\wab.exe
    "C:\Users\Admin\AppData\Local\Temp\ispell\wab.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:4304
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4568

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads