Analysis
-
max time kernel
1s -
max time network
1s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
28/03/2025, 20:20
General
-
Target
6396148f6ec19958629b52429fb7177db4a70adacd570d7892d2a639514c7cae.exe
-
Size
372KB
-
MD5
4ef09feb5e540029aeefedfd6a227df4
-
SHA1
f9eaee78cb5d965f0623573eedfdb8efb7d3a62b
-
SHA256
6396148f6ec19958629b52429fb7177db4a70adacd570d7892d2a639514c7cae
-
SHA512
5b41cd152bf1691681ff01fea9526eb4543f8b971a40b7a5cdf80b39756fd4a326c51529b9b60a8cfd16186c05695a9831a063da47ec75039fcc5babbccc486d
-
SSDEEP
6144:tTdgUkQx+HXGidCzj8LBb8Rw5Jdypyf6aCXYfhimO:t5qQx+H2i+8LBNbdypazCXYo
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 3 IoCs
-
Suspicious use of SetThreadContext 2 IoCs
-
Drops file in Windows directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of FindShellTrayWindow 8 IoCs
-
Suspicious use of SendNotifyMessage 8 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6396148f6ec19958629b52429fb7177db4a70adacd570d7892d2a639514c7cae.exe"C:\Users\Admin\AppData\Local\Temp\6396148f6ec19958629b52429fb7177db4a70adacd570d7892d2a639514c7cae.exe"1⤵
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6396148f6ec19958629b52429fb7177db4a70adacd570d7892d2a639514c7cae.exe"C:\Users\Admin\AppData\Local\Temp\6396148f6ec19958629b52429fb7177db4a70adacd570d7892d2a639514c7cae.exe"2⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\hab.exe"C:\Users\Admin\AppData\Local\Temp\hab.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\hab.exe"C:\Users\Admin\AppData\Local\Temp\hab.exe"4⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD50017995ac78c449809701a276bde7463
SHA11aa36445c0b217e641a2df50da660c03ca51ab80
SHA25675348be4d9baec27b84d83682f1cc9e67943ef3f29f4565aff0a20033dfa878c
SHA5128a18c7eadb5915a00eebf42040a0adcc0532c8a46e4d77791405ffe6cb1f5128678fbca3955f569260f9a63baebc7a087c3392349f750974fc17dcbf70cdcb47
-
Filesize
509B
MD5d2a2412bddba16d60ec63bd9550d933f
SHA1deb3d3bdc9055f0b4909b31d3048446848fae0e1
SHA25679ff2254e38192be1626d05bec6c82e10c85e1cf91df7440c4c443380a1e877a
SHA5128fecada107f72e59e43a689eeb8e2e18fa6134d0941c122025ed5bd00e5eab8114d7125bd289505be75641385a0c3f112d402c693f142c3ddc870d5fa8116e31
-
Filesize
24KB
-
Filesize
1.0MB
-
Filesize
1.7MB
-
Filesize
856KB
-
Filesize
24KB
-
Filesize
1.7MB