Analysis
-
max time kernel
441s -
max time network
441s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
07/03/2025, 04:55
General
-
Target
1aef94e54c1af9a8d0c4fa4cbdc602c025a2b10a097e87184ceb89e124d26e6a.exe
-
Size
13KB
-
MD5
fca6b8e7be21756ad15b863efe86d4f4
-
SHA1
787885416d0f6a09f7691e9703fa6f9cceba45b3
-
SHA256
1aef94e54c1af9a8d0c4fa4cbdc602c025a2b10a097e87184ceb89e124d26e6a
-
SHA512
105b18a82c07bb4d162e507a34a16edda164dedf44b97dba90100927bae4ad48bd6762c220285bc7a25c01620fccbba7cc0eb2992d26aa210bb7bd3320e1152a
-
SSDEEP
192:C2WjQTbZ1eBppvfj/j2+cPM3P+Q/tCvwSw3uM76V9bhHOkrUNc:C2jTbZ0pj/vcqP+ctCYSw3GV9bhrUN
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1aef94e54c1af9a8d0c4fa4cbdc602c025a2b10a097e87184ceb89e124d26e6a.exe"C:\Users\Admin\AppData\Local\Temp\1aef94e54c1af9a8d0c4fa4cbdc602c025a2b10a097e87184ceb89e124d26e6a.exe"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Windows\system32\taskeng.exetaskeng.exe {B2935C73-754F-43C1-B779-113511AC6F3D} S-1-5-18:NT AUTHORITY\System:Service:1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1aef94e54c1af9a8d0c4fa4cbdc602c025a2b10a097e87184ceb89e124d26e6a.exeC:\Users\Admin\AppData\Local\Temp\1aef94e54c1af9a8d0c4fa4cbdc602c025a2b10a097e87184ceb89e124d26e6a.exe start2⤵
-