Analysis

  • max time kernel
    240s
  • max time network
    214s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20250314-en locale:en-us os:windows10-2004-x64 system
  • submitted
    28/03/2025, 01:55

General

  • Target

    StSess32.exe

  • Size

    581KB

  • MD5

    e696752274d2b3bfe28b69f8b21e6034

  • SHA1

    78703f89931970dd476fbac9e909e47660009c32

  • SHA256

    59220c5fe9792ce5a8b418d3a19cc5734537e14e941bf669154e6ae7170e8c96

  • SHA512

    fbdcf2cb6fc5de34c9b070f66538e3ab6c2fdfe728125224a9c047c7747ea290484d376514129cac607cc90923ad5bc986096845ba40751c970cfb7bbe106577

  • SSDEEP

    6144:dZysTG5lwhDD3gruWtSPMcZ/JBwDZqqDL68BO/o6dPFvPToi7W2WYTHwm:dZyWCG9jeuiSPHZ/JKQqn6s6sctTHwm

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (10 IoCs)
  • Suspicious use of SetWindowsHookEx (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\StSess32.exe
    "C:\Users\Admin\AppData\Local\Temp\StSess32.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2864

Network

MITRE ATT&CK Enterprise v15
