Overview

overview

10

Static

static

3

6687871227...20.exe

windows7-x64

7

6687871227...20.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    3s
  • max time network
    6s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    28/03/2025, 20:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    66878712273890ab91aa91cc87a7ca370ff4d4f03035f8de78e35c051d58a520.exe

  • Size

    372KB

  • MD5

    f11ebe1eaa375bea0bf50a58d30f75b5

  • SHA1

    e51d3e180b5620eed10e81fba98e3a8ce9be1476

  • SHA256

    66878712273890ab91aa91cc87a7ca370ff4d4f03035f8de78e35c051d58a520

  • SHA512

    d670320b4d7999bb041b8b412ad84541c1233a2dc6f876de0f6a9230717fcf84edf27d3bdc1e316d9b7c24610677b4a7edf82517d039192415717efcc9303f1a

  • SSDEEP

    6144:tmdgUkQx+HXGidCzj8LBb8Rw5Jdypyf6aCXYfhieK:tsqQx+H2i+8LBNbdypazCXYI

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\66878712273890ab91aa91cc87a7ca370ff4d4f03035f8de78e35c051d58a520.exe
    "C:\Users\Admin\AppData\Local\Temp\66878712273890ab91aa91cc87a7ca370ff4d4f03035f8de78e35c051d58a520.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Users\Admin\AppData\Local\Temp\66878712273890ab91aa91cc87a7ca370ff4d4f03035f8de78e35c051d58a520.exe
      "C:\Users\Admin\AppData\Local\Temp\66878712273890ab91aa91cc87a7ca370ff4d4f03035f8de78e35c051d58a520.exe"
      2⤵
      • Loads dropped DLL
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2552
      • C:\Users\Admin\AppData\Local\Temp\hab.exe
        "C:\Users\Admin\AppData\Local\Temp\hab.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2820
        • C:\Users\Admin\AppData\Local\Temp\hab.exe
          "C:\Users\Admin\AppData\Local\Temp\hab.exe"
          4⤵
          • Executes dropped EXE
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:2992

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hab.exe
    Filesize

    372KB

    MD5

    801737e80570afe7c1e001d36e390468

    SHA1

    65ec08daaa61c0604184cfdf58a491c5177022d8

    SHA256

    6badc1326ab101ee60ea7c7496b995b826375e8442f74d049d30d7e4f9cf5a29

    SHA512

    ba1b48069208fee9cb4d85fe588ec9d5e19ceffbc0a2b92899fefa7c21bb8ebf38e126d61da85ba6f18e496d499faf5b7b45f4263d5d94e958fb693dc10546ae

    Download Submit

  • C:\Windows\win.ini
    Filesize

    509B

    MD5

    d2a2412bddba16d60ec63bd9550d933f

    SHA1

    deb3d3bdc9055f0b4909b31d3048446848fae0e1

    SHA256

    79ff2254e38192be1626d05bec6c82e10c85e1cf91df7440c4c443380a1e877a

    SHA512

    8fecada107f72e59e43a689eeb8e2e18fa6134d0941c122025ed5bd00e5eab8114d7125bd289505be75641385a0c3f112d402c693f142c3ddc870d5fa8116e31

    Download Submit

  • memory/2380-2-0x0000000002570000-0x0000000002576000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2380-4-0x00000000775C1000-0x00000000776C2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2380-5-0x00000000775C0000-0x0000000077769000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2380-10-0x0000000002570000-0x0000000002576000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2552-13-0x00000000775C0000-0x0000000077769000-memory.dmp

    Filesize

    1.7MB

    Download