Analysis
max time kernel: 0s
max time network: 0s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 30/03/2025, 20:11
Static task: static1
Behavioral task: behavioral1
  Sample: 0498eaf7f2c1195d859a1c6b71a96c2636059fa2647d7b6afab966574791a588.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 0498eaf7f2c1195d859a1c6b71a96c2636059fa2647d7b6afab966574791a588.exe
  Resource: win10v2004-20250313-en
General
Target: 0498eaf7f2c1195d859a1c6b71a96c2636059fa2647d7b6afab966574791a588.exe
Size: 368KB
MD5: 5134a1b30fd65a952f3365ca2b4f1577
SHA1: 95341d54aa34697c3e8616996779d2cdd756ede3
SHA256: 0498eaf7f2c1195d859a1c6b71a96c2636059fa2647d7b6afab966574791a588
SHA512: 76eb048462d0ebd2ea14dced7cba758cb68a3f824f54acef0b70fda9d5345275d2a6bb5e2c00a607d74dfe4eed68cdf2e8ea81b0dc02cea1b1aabd3e3f6b9cc4
SSDEEP: 3072:t3FhJsebNVlW1NWgxLJOp6iJRejPoQKvHIbuduaqyuhjDxSIVbOfprMIYsMMgC6j:t3F3VoweHW0u8TDB4ty3hunu
Malware Config
Signatures
- Suspicious use of SetThreadContext (1 IoCs)
  description | pid | Process | procid_target
  PID 2364 set thread context of 1696 | 2364 | 0498eaf7f2c1195d859a1c6b71a96c2636059fa2647d7b6afab966574791a588.exe | 30
- Drops file in Windows directory (1 IoCs)
  description | ioc | Process
  File opened for modification | C:\Windows\win.ini | 0498eaf7f2c1195d859a1c6b71a96c2636059fa2647d7b6afab966574791a588.exe
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 0498eaf7f2c1195d859a1c6b71a96c2636059fa2647d7b6afab966574791a588.exe
- Suspicious use of FindShellTrayWindow (2 IoCs)
  pid | Process
  2364 | 0498eaf7f2c1195d859a1c6b71a96c2636059fa2647d7b6afab966574791a588.exe
  2364 | 0498eaf7f2c1195d859a1c6b71a96c2636059fa2647d7b6afab966574791a588.exe
- Suspicious use of SendNotifyMessage (2 IoCs)
  pid | Process
  2364 | 0498eaf7f2c1195d859a1c6b71a96c2636059fa2647d7b6afab966574791a588.exe
  2364 | 0498eaf7f2c1195d859a1c6b71a96c2636059fa2647d7b6afab966574791a588.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid | Process
  2364 | 0498eaf7f2c1195d859a1c6b71a96c2636059fa2647d7b6afab966574791a588.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2364 wrote to memory of 1696 | 2364 | 0498eaf7f2c1195d859a1c6b71a96c2636059fa2647d7b6afab966574791a588.exe | 30
  PID 2364 wrote to memory of 1696 | 2364 | 0498eaf7f2c1195d859a1c6b71a96c2636059fa2647d7b6afab966574791a588.exe | 30
  PID 2364 wrote to memory of 1696 | 2364 | 0498eaf7f2c1195d859a1c6b71a96c2636059fa2647d7b6afab966574791a588.exe | 30
  PID 2364 wrote to memory of 1696 | 2364 | 0498eaf7f2c1195d859a1c6b71a96c2636059fa2647d7b6afab966574791a588.exe | 30
Processes
1. C:\Users\Admin\AppData\Local\Temp\0498eaf7f2c1195d859a1c6b71a96c2636059fa2647d7b6afab966574791a588.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\0498eaf7f2c1195d859a1c6b71a96c2636059fa2647d7b6afab966574791a588.exe"
   PID: 2364
   - Suspicious use of SetThreadContext
   - Drops file in Windows directory
   - System Location Discovery: System Language Discovery
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SendNotifyMessage
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\0498eaf7f2c1195d859a1c6b71a96c2636059fa2647d7b6afab966574791a588.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\0498eaf7f2c1195d859a1c6b71a96c2636059fa2647d7b6afab966574791a588.exe"
      PID: 1696
      3. C:\Users\Admin\AppData\Local\Temp\nas0.exe
         Command line: "C:\Users\Admin\AppData\Local\Temp\nas0.exe"
         PID: 2536
         4. C:\Users\Admin\AppData\Local\Temp\nas0.exe
            Command line: "C:\Users\Admin\AppData\Local\Temp\nas0.exe"
            PID: 2388
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 99KB
MD5: a612784145fedbbb600ae9867e595cf6
SHA1: 021af773c854d7d55d8e0318a32bdf2316547df1
SHA256: fa40ba82c368719458be8deea0f2702871845a1c63c8c8f5348a324f5ffa6122
SHA512: 5dc748fce472aa3a6001c41f180f205324cf4132bf43db5a54bc3d58c59494d08122a963b5ce64b7c9cfecebf348849ae962daa42723619b7269c1ac03fac84a

Filesize: 509B
MD5: d2a2412bddba16d60ec63bd9550d933f
SHA1: deb3d3bdc9055f0b4909b31d3048446848fae0e1
SHA256: 79ff2254e38192be1626d05bec6c82e10c85e1cf91df7440c4c443380a1e877a
SHA512: 8fecada107f72e59e43a689eeb8e2e18fa6134d0941c122025ed5bd00e5eab8114d7125bd289505be75641385a0c3f112d402c693f142c3ddc870d5fa8116e31

Filesize: 368KB
MD5: 201e1a85d61cf808a89d74f2d2292f9c
SHA1: c32d442eefcb23a7067acde2180586ade908315b
SHA256: 72f35bf8677ea65abd2c96d7b717558785baa277f293bbb8f43950e6f399b716
SHA512: 339d74980e43db02c1c939b67cbd6d080e6a723b3ebe1a85313ceddb61f5f5b10f797868ce9eb19d9dbdf9a38838ac130e9500ad23ade47b13ccdec25e8595f5