Overview

overview

10

Static

static

5

723-130-2025.exe

windows7-x64

7

723-130-2025.exe

windows10-2004-x64

5

724-130-2025.exe

windows7-x64

10

724-130-2025.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-01-2025 06:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    723-130-2025.exe

  • Size

    1.1MB

  • MD5

    1cf5ecd1b8b508ae3c6a04a3341439f3

  • SHA1

    e97b3bb75997b8faa8d54975e8dec5b3cd0f3a71

  • SHA256

    a82f8608d3e988686365f5a95c721ed3669a088b4f48181cac546e85a1c81104

  • SHA512

    e676a40018ba9e46290c6b15cbe444ec966467a531e2cc3a65939fa36d90c467f22a6baa5277443ce314e1f663d937519a26574f4920850663c67a539f4832a4

  • SSDEEP

    24576:mAHnh+eWsN3skA4RV1Hom2KXFmIaQhxZhzOq3Q5:Bh+ZkldoPK1XaQhxZtJm

Score
5/10
discovery

Malware Config

Signatures

  • Suspicious use of SetThreadContext 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 60 IoCs
  • Suspicious behavior: MapViewOfSection 8 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3404
    • C:\Users\Admin\AppData\Local\Temp\723-130-2025.exe
      "C:\Users\Admin\AppData\Local\Temp\723-130-2025.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3588
      • C:\Windows\SysWOW64\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\723-130-2025.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:1724
    • C:\Windows\SysWOW64\netbtugc.exe
      "C:\Windows\SysWOW64\netbtugc.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:2364
      • C:\Program Files\Mozilla Firefox\Firefox.exe
        "C:\Program Files\Mozilla Firefox\Firefox.exe"
        3⤵
          PID:4392

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\aut6245.tmp
      Filesize

      264KB

      MD5

      db188804ef5ffa5fafa804b555dd40b9

      SHA1

      a181d975979f35d6ca17a736d3c143a75e63e6d7

      SHA256

      0c302426b73d5cb269aad18c78dc2616f5faeb1a0b2b88b999d6cd623f8cb723

      SHA512

      d872aba3b3e78e2c6f0094d724bacee36289a27e08de596bd047f673d3cd3c429bd6001b076cf79bdd5f9174815f361b10a6ea2923ca3dfdcdb84f184eddeae8

      Download Submit

    • memory/1724-25-0x0000000001580000-0x00000000015A1000-memory.dmp

      Filesize

      132KB

      Download

    • memory/1724-23-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1724-24-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1724-16-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1724-17-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1724-19-0x0000000001580000-0x00000000015A1000-memory.dmp

      Filesize

      132KB

      Download

    • memory/1724-18-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1724-14-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1724-15-0x0000000001700000-0x0000000001A4A000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/2364-29-0x0000000001170000-0x0000000001210000-memory.dmp

      Filesize

      640KB

      Download

    • memory/2364-21-0x0000000000940000-0x000000000097F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2364-31-0x0000000001170000-0x0000000001210000-memory.dmp

      Filesize

      640KB

      Download

    • memory/2364-22-0x0000000000940000-0x000000000097F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2364-26-0x0000000001280000-0x00000000015CA000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/2364-27-0x0000000000940000-0x000000000097F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2364-30-0x0000000000940000-0x000000000097F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/3404-20-0x000000000DAB0000-0x000000000E526000-memory.dmp

      Filesize

      10.5MB

      Download

    • memory/3404-28-0x000000000DAB0000-0x000000000E526000-memory.dmp

      Filesize

      10.5MB

      Download

    • memory/3404-32-0x0000000002D80000-0x0000000002E58000-memory.dmp

      Filesize

      864KB

      Download

    • memory/3404-33-0x0000000002D80000-0x0000000002E58000-memory.dmp

      Filesize

      864KB

      Download

    • memory/3404-40-0x0000000002D80000-0x0000000002E58000-memory.dmp

      Filesize

      864KB

      Download

    • memory/3588-13-0x00000000011C0000-0x00000000015C0000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/4392-41-0x000001BB077B0000-0x000001BB078AA000-memory.dmp

      Filesize

      1000KB

      Download