Overview

overview

7

Static

static

1

cce1cf601e...8d.exe

windows7-x64

3

cce1cf601e...8d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    293s
  • max time network
    260s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-04-2023 17:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cce1cf601e23728f6783f55bbe926ef4be018bbaf2c65698423e347fcdd9778d.exe

  • Size

    253KB

  • MD5

    2b42a9613d2132e3fcc1f7fbac390b24

  • SHA1

    adb4bf1e2d2085f0ee54e467fdeba042c2276964

  • SHA256

    cce1cf601e23728f6783f55bbe926ef4be018bbaf2c65698423e347fcdd9778d

  • SHA512

    e60c2b318ed699cdc75eace766e4d570a8809fe7b9f64eb0e4a4141d10179b282c97f330965f5a0b99019abe7326665dbfbe36de2f60a2933bf8eadaae727c01

  • SSDEEP

    3072:asSCsbsZE1L8ZrB6PT+T89sOXnJ2jwiE90L6sv:ebsmL8ZrmTV9tXnJIc0L6s

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 30 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cce1cf601e23728f6783f55bbe926ef4be018bbaf2c65698423e347fcdd9778d.exe
    "C:\Users\Admin\AppData\Local\Temp\cce1cf601e23728f6783f55bbe926ef4be018bbaf2c65698423e347fcdd9778d.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 10
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1628
      • C:\Windows\SysWOW64\timeout.exe
        timeout 10
        3⤵
        • Delays execution with timeout.exe
        PID:2392
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 10
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4692
      • C:\Windows\SysWOW64\timeout.exe
        timeout 10
        3⤵
        • Delays execution with timeout.exe
        PID:4228
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 10
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:552
      • C:\Windows\SysWOW64\timeout.exe
        timeout 10
        3⤵
        • Delays execution with timeout.exe
        PID:2624
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 10
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4700
      • C:\Windows\SysWOW64\timeout.exe
        timeout 10
        3⤵
        • Delays execution with timeout.exe
        PID:4744
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 10
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4992
      • C:\Windows\SysWOW64\timeout.exe
        timeout 10
        3⤵
        • Delays execution with timeout.exe
        PID:4280
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 10
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3828
      • C:\Windows\SysWOW64\timeout.exe
        timeout 10
        3⤵
        • Delays execution with timeout.exe
        PID:1548
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 10
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2576
      • C:\Windows\SysWOW64\timeout.exe
        timeout 10
        3⤵
        • Delays execution with timeout.exe
        PID:1264
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 10
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2680
      • C:\Windows\SysWOW64\timeout.exe
        timeout 10
        3⤵
        • Delays execution with timeout.exe
        PID:1664
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 10
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2756
      • C:\Windows\SysWOW64\timeout.exe
        timeout 10
        3⤵
        • Delays execution with timeout.exe
        PID:2784
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 10
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:5028
      • C:\Windows\SysWOW64\timeout.exe
        timeout 10
        3⤵
        • Delays execution with timeout.exe
        PID:4460
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 10
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:752
      • C:\Windows\SysWOW64\timeout.exe
        timeout 10
        3⤵
        • Delays execution with timeout.exe
        PID:4324
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 10
      2⤵
        PID:4492
        • C:\Windows\SysWOW64\timeout.exe
          timeout 10
          3⤵
          • Delays execution with timeout.exe
          PID:1272
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /C timeout 10
        2⤵
          PID:5084
          • C:\Windows\SysWOW64\timeout.exe
            timeout 10
            3⤵
            • Delays execution with timeout.exe
            PID:1996
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe" /C timeout 10
          2⤵
            PID:776
            • C:\Windows\SysWOW64\timeout.exe
              timeout 10
              3⤵
              • Delays execution with timeout.exe
              PID:2468
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\System32\cmd.exe" /C timeout 10
            2⤵
              PID:796
              • C:\Windows\SysWOW64\timeout.exe
                timeout 10
                3⤵
                • Delays execution with timeout.exe
                PID:4360
            • C:\Windows\SysWOW64\cmd.exe
              "C:\Windows\System32\cmd.exe" /C timeout 10
              2⤵
                PID:1732
                • C:\Windows\SysWOW64\timeout.exe
                  timeout 10
                  3⤵
                  • Delays execution with timeout.exe
                  PID:4608
              • C:\Windows\SysWOW64\cmd.exe
                "C:\Windows\System32\cmd.exe" /C timeout 10
                2⤵
                  PID:4452
                  • C:\Windows\SysWOW64\timeout.exe
                    timeout 10
                    3⤵
                    • Delays execution with timeout.exe
                    PID:1928
                • C:\Windows\SysWOW64\cmd.exe
                  "C:\Windows\System32\cmd.exe" /C timeout 10
                  2⤵
                    PID:1536
                    • C:\Windows\SysWOW64\timeout.exe
                      timeout 10
                      3⤵
                      • Delays execution with timeout.exe
                      PID:2920
                  • C:\Windows\SysWOW64\cmd.exe
                    "C:\Windows\System32\cmd.exe" /C timeout 10
                    2⤵
                      PID:736
                      • C:\Windows\SysWOW64\timeout.exe
                        timeout 10
                        3⤵
                        • Delays execution with timeout.exe
                        PID:3180
                    • C:\Windows\SysWOW64\cmd.exe
                      "C:\Windows\System32\cmd.exe" /C timeout 10
                      2⤵
                        PID:3440
                        • C:\Windows\SysWOW64\timeout.exe
                          timeout 10
                          3⤵
                          • Delays execution with timeout.exe
                          PID:4364
                      • C:\Windows\SysWOW64\cmd.exe
                        "C:\Windows\System32\cmd.exe" /C timeout 10
                        2⤵
                          PID:2592
                          • C:\Windows\SysWOW64\timeout.exe
                            timeout 10
                            3⤵
                            • Delays execution with timeout.exe
                            PID:1788
                        • C:\Windows\SysWOW64\cmd.exe
                          "C:\Windows\System32\cmd.exe" /C timeout 10
                          2⤵
                            PID:1828
                            • C:\Windows\SysWOW64\timeout.exe
                              timeout 10
                              3⤵
                              • Delays execution with timeout.exe
                              PID:2896
                          • C:\Windows\SysWOW64\cmd.exe
                            "C:\Windows\System32\cmd.exe" /C timeout 10
                            2⤵
                              PID:2424
                              • C:\Windows\SysWOW64\timeout.exe
                                timeout 10
                                3⤵
                                • Delays execution with timeout.exe
                                PID:2844
                            • C:\Windows\SysWOW64\cmd.exe
                              "C:\Windows\System32\cmd.exe" /C timeout 10
                              2⤵
                                PID:4092
                                • C:\Windows\SysWOW64\timeout.exe
                                  timeout 10
                                  3⤵
                                  • Delays execution with timeout.exe
                                  PID:4996
                              • C:\Windows\SysWOW64\cmd.exe
                                "C:\Windows\System32\cmd.exe" /C timeout 10
                                2⤵
                                  PID:836
                                  • C:\Windows\SysWOW64\timeout.exe
                                    timeout 10
                                    3⤵
                                    • Delays execution with timeout.exe
                                    PID:3800
                                • C:\Windows\SysWOW64\cmd.exe
                                  "C:\Windows\System32\cmd.exe" /C timeout 10
                                  2⤵
                                    PID:1504
                                    • C:\Windows\SysWOW64\timeout.exe
                                      timeout 10
                                      3⤵
                                      • Delays execution with timeout.exe
                                      PID:2752
                                  • C:\Windows\SysWOW64\cmd.exe
                                    "C:\Windows\System32\cmd.exe" /C timeout 10
                                    2⤵
                                      PID:3652
                                      • C:\Windows\SysWOW64\timeout.exe
                                        timeout 10
                                        3⤵
                                        • Delays execution with timeout.exe
                                        PID:3088
                                    • C:\Windows\SysWOW64\cmd.exe
                                      "C:\Windows\System32\cmd.exe" /C timeout 10
                                      2⤵
                                        PID:5108
                                        • C:\Windows\SysWOW64\timeout.exe
                                          timeout 10
                                          3⤵
                                          • Delays execution with timeout.exe
                                          PID:3456
                                      • C:\Windows\SysWOW64\cmd.exe
                                        "C:\Windows\System32\cmd.exe" /C timeout 10
                                        2⤵
                                          PID:3340
                                          • C:\Windows\SysWOW64\timeout.exe
                                            timeout 10
                                            3⤵
                                            • Delays execution with timeout.exe
                                            PID:4028
                                        • C:\Windows\SysWOW64\cmd.exe
                                          "C:\Windows\System32\cmd.exe" /C timeout 10
                                          2⤵
                                            PID:4472
                                            • C:\Windows\SysWOW64\timeout.exe
                                              timeout 10
                                              3⤵
                                              • Delays execution with timeout.exe
                                              PID:4252

                                        Network

                                        MITRE ATT&CK Matrix ATT&CK v6

                                        Initial Access

                                        Execution

                                        Persistence

                                        Privilege Escalation

                                        Defense Evasion

                                        Credential Access

                                        Discovery

                                        Query Registry

                                        1
                                        T1012

                                        System Information Discovery

                                        2
                                        T1082

                                        Lateral Movement

                                        Collection

                                        Exfiltration

                                        Command and Control

                                        Impact

                                        Replay Monitor

                                        Loading Replay Monitor...

                                        Downloads

                                        • memory/2116-133-0x0000000000C50000-0x0000000000C94000-memory.dmp
                                          Filesize

                                          272KB

                                          Download
                                        • memory/2116-134-0x0000000005B30000-0x00000000060D4000-memory.dmp
                                          Filesize

                                          5.6MB

                                          Download
                                        • memory/2116-135-0x0000000005650000-0x0000000005660000-memory.dmp
                                          Filesize

                                          64KB

                                          Download
                                        • memory/2116-136-0x0000000005650000-0x0000000005660000-memory.dmp
                                          Filesize

                                          64KB

                                          Download