Analysis
- max time kernel: 106s
- max time network: 144s
- platform: windows10-2004_x64
- resource: win10v2004-20250619-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20250619-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/07/2025, 19:24
Static task: static1
Behavioral task: behavioral1
Sample: 3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb.exe
Resource: win10v2004-20250619-en
General
- Target: 3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb.exe
- Size: 9.0MB
- MD5: ae53c93ca5db9204fd20ee710ffaedbc
- SHA1: fc8572eb3888406ec5d7da8a95a4ea6407c75123
- SHA256: 3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb
- SHA512: 39ed41eb3f6a7014f58a3a970ca3c474c69d3b4bbcf7d931ddffcb8449a1fa75bcfc920c0ec1cd961f4285f819f93c9cfeb785ec76e344e7506f2647f8090085
- SSDEEP: 98304:gt2MIp9vm4n4xNTEY9xFUkcVwNSHfbv/kaIhThwMlEu:Wcn4NTx9Pe20/zkaiuMlE
Malware Config
Signatures
-
Downloads MZ/PE file (1 IoC)
- flow 35, pid 4860, process 3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb.exe
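The check behind a "Downloads MZ/PE file" signature, as an added example that is not part of the sandbox report: the response body is tested for the DOS "MZ" magic, e_lfanew at offset 0x3C is followed to the "PE" signature (PE plus two NUL bytes), and the COFF Machine field is read so the hit also says which architecture was pulled down. The flow bodies below are constructed for the demo (flow 35 carries a synthetic header, not the bytes the sandbox saw); the function and variable names are mine. Caveat: a second stage that is XOR'd or compressed on the wire shows no MZ header until it is decoded, so this only catches executables sent in the clear.

```python
"""Flag an HTTP response body that carries a Windows executable (MZ/PE).

Added example, not part of the sandbox report. Byte strings below are
constructed for the demo; they are not the bytes observed in flow 35.
"""
import struct

# IMAGE_FILE_MACHINE_* values from the PE/COFF specification
MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64", 0x01C4: "ARMv7", 0xAA64: "ARM64"}


def classify_download(body: bytes) -> dict:
    """Return {'kind': 'pe' | 'mz-only' | 'not-pe', 'machine': str|None, 'e_lfanew': int|None}."""
    result = {"kind": "not-pe", "machine": None, "e_lfanew": None}
    if len(body) < 0x40 or body[:2] != b"MZ":
        return result
    # e_lfanew: 32-bit LE offset of the PE header, stored at 0x3C in the DOS header
    e_lfanew = struct.unpack_from("<I", body, 0x3C)[0]
    result["e_lfanew"] = e_lfanew
    # 'PE\0\0' (4 bytes) plus the 20-byte COFF header must fit inside the buffer
    if e_lfanew + 24 > len(body) or body[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        result["kind"] = "mz-only"  # DOS header but no usable PE header (truncated or odd)
        return result
    machine = struct.unpack_from("<H", body, e_lfanew + 4)[0]
    result["kind"] = "pe"
    result["machine"] = MACHINE_NAMES.get(machine, f"0x{machine:04x}")
    return result


def build_fake_pe(machine: int = 0x8664) -> bytes:
    """Constructed minimal header: DOS stub with e_lfanew=0x40, then 'PE\0\0' + COFF header."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    # COFF: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    #       NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, 2, 0, 0, 0, 0xE0, 0x22)
    return bytes(dos) + b"PE\x00\x00" + coff


# Constructed bodies standing in for three HTTP flows (flow ids are arbitrary)
SAMPLE_FLOWS = {
    35: build_fake_pe(0x8664),
    36: b"<html><body>not an executable</body></html>",
    37: b"MZ" + b"\x00" * 0x3E + b"junk",  # MZ header whose e_lfanew (0) points at no PE signature
}


def flag_pe_flows(flows: dict) -> list:
    """Return [(flow_id, machine)] for every flow whose body parses as a PE file."""
    hits = []
    for flow_id, body in sorted(flows.items()):
        info = classify_download(body)
        if info["kind"] == "pe":
            hits.append((flow_id, info["machine"]))
    return hits


if __name__ == "__main__":
    for flow_id, body in SAMPLE_FLOWS.items():
        print(flow_id, classify_download(body))
    print("PE downloads:", flag_pe_flows(SAMPLE_FLOWS))
```

Requiring the COFF header to fit inside the buffer (rather than only testing the first two bytes) is what keeps a random blob that happens to start with "MZ" out of the hit list.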
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process 3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb.exe)
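The same signature expressed as detection logic, as an added example that is not part of the sandbox report: a process is flagged for System Language Discovery (ATT&CK T1614.001) when it opens locale-bearing registry keys such as the NLS\Language key above, or calls the Win32 APIs that answer the same question. The trace it runs over is constructed in the shape a user-mode hook log produces (pid, process, API, first argument, tab-separated); it is deliberately not Sysmon output, because Sysmon's RegistryEvent (IDs 12 to 14) records create, delete, value-set and rename but never the key open the sandbox observed. The key patterns, API list, threshold and function names are my choices. Caveat: installers and localized applications read these keys legitimately, so the threshold exists to be raised on a noisy host.

```python
"""Spot System Language Discovery (ATT&CK T1614.001) in an API-monitor trace.

Added example, not part of the sandbox report. SAMPLE_TRACE is constructed;
'sample.exe' stands in for the analysed binary and the other pids are invented.
"""
import re
from collections import defaultdict

# Registry locations whose contents reveal the installed language / locale.
LOCALE_KEY_PATTERNS = [
    re.compile(r"\\REGISTRY\\MACHINE\\SYSTEM\\(?:ControlSet\d{3}|CurrentControlSet)\\Control\\NLS\\Language", re.I),
    re.compile(r"(?:\\REGISTRY\\USER\\[^\\]+|HKEY_CURRENT_USER|HKCU)\\Control Panel\\International", re.I),
    re.compile(r"(?:\\REGISTRY\\USER\\[^\\]+|HKEY_CURRENT_USER|HKCU)\\Keyboard Layout\\Preload", re.I),
]
# Win32 APIs that return the locale without the caller touching the registry itself.
LOCALE_APIS = {
    "GetUserDefaultUILanguage", "GetSystemDefaultUILanguage", "GetUserDefaultLangID",
    "GetSystemDefaultLCID", "GetLocaleInfoW", "GetLocaleInfoEx", "GetKeyboardLayoutList",
}
# APIs whose first argument is a key path in the hook log.
KEY_OPEN_APIS = {"NtOpenKey", "NtOpenKeyEx", "NtCreateKey", "RegOpenKeyExW", "RegOpenKeyExA", "RegCreateKeyExW"}

TECHNIQUE = "T1614.001"  # System Location Discovery: System Language Discovery

# Constructed hook-log lines: pid <TAB> process <TAB> api <TAB> first argument (optional)
SAMPLE_TRACE = "\n".join([
    "4860\tsample.exe\tNtOpenKey\t\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Control\\NLS\\Language",
    "4860\tsample.exe\tRegOpenKeyExW\tHKEY_CURRENT_USER\\Control Panel\\International",
    "4860\tsample.exe\tGetUserDefaultUILanguage",
    "4860\tsample.exe\tSetWindowsHookExW\tWH_KEYBOARD_LL",
    "1234\texplorer.exe\tNtOpenKey\t\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
    "2222\tsetup.exe\tGetLocaleInfoW\t0x0409",
])


def parse_trace(text: str) -> list:
    """Parse tab-separated hook-log lines into (pid, process, api, arg) tuples."""
    records = []
    for line in text.strip().splitlines():
        fields = line.split("\t")
        if len(fields) < 3:
            continue  # malformed line: skip rather than crash the detector
        pid, process, api = int(fields[0]), fields[1], fields[2]
        arg = fields[3] if len(fields) > 3 else ""
        records.append((pid, process, api, arg))
    return records


def find_language_discovery(records: list, min_evidence: int = 1) -> dict:
    """Return {pid: {'process', 'technique', 'evidence'}} for processes whose
    number of distinct locale lookups reaches min_evidence."""
    evidence = defaultdict(set)
    names = {}
    for pid, process, api, arg in records:
        names[pid] = process
        if api in LOCALE_APIS:
            evidence[pid].add(f"api:{api}")
        elif api in KEY_OPEN_APIS:
            if any(pat.search(arg) for pat in LOCALE_KEY_PATTERNS):
                evidence[pid].add(f"key:{arg}")
    return {
        pid: {"process": names[pid], "technique": TECHNIQUE, "evidence": sorted(ev)}
        for pid, ev in evidence.items() if len(ev) >= min_evidence
    }


if __name__ == "__main__":
    for pid, hit in find_language_discovery(parse_trace(SAMPLE_TRACE)).items():
        print(pid, hit["process"], hit["technique"], hit["evidence"])
```

With the default threshold of one, setup.exe's single GetLocaleInfoW call is reported alongside sample.exe; raising min_evidence to 2 keeps only the process that combined a registry open with an API lookup, which is the usual shape of a locale check that gates execution.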
Suspicious use of SetWindowsHookEx (1 IoC)
- pid 4860, process 3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb.exe (level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\3b0797ff465d975d7660453fc8f389de5959ecc0031142bbbd5bac4c4910ccbb.exe"
  - Downloads MZ/PE file
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID: 4860
Network
MITRE ATT&CK Enterprise v16
Downloads
- Filesize: 2KB
  MD5: 9c532044bc00af45e40d04833ef4aec8
  SHA1: 19286a5fefa8272677c87ab0253864c56c26ee77
  SHA256: 86849e4117cc96fec8d3954a81889637c0b846e71ea19b6f7f42a31d3ebfce97
  SHA512: 45b0e06c0215433b44c1676891452ee692b5e70384f00541a9c658706422fee4185589f9cb2abdd2e8d37878ceb097c19e519a056772bb08c1c8de828c1af5a0
- Filesize: 7KB
  MD5: bcca0afcc2940a8b8d16ca95ca16eb1c
  SHA1: a40c39e289e51693ed19f9584b1eb7c044852743
  SHA256: 8b124ed39c790eb7ff43b086245412ebf29945e3460fbd8d9c19801b7ba58c91
  SHA512: 3bbb1356720057f5a7b79e9b95e203ad1b5cdc2bd50c2f706dce26cbc7d2c246b74e876ff5e7abf2b1c485f90387618209cdee5977471be70c89b9a1130063dd
- Filesize: 38B
  MD5: 27df2185e47bf463168ac207ec92ce18
  SHA1: 6d67963a5287be35c534699c5c9ea0c86c71882b
  SHA256: e84daf7b6d347469aa9c7c884bcc7ffd437c96ff33a4abb60ab1e109c132a4db
  SHA512: 761bf715dd0035843de4ab8456083225f83d1af257ccd931cfdbb91aaa7726254a8a56e8a0be4f65fcfdd09070cf22139555c64bbda6a1c127c7b466070d58f8