Overview

overview

7

Static

static

3

tmp.exe

windows7-x64

7

tmp.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    102s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    12/06/2023, 05:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp.exe

  • Size

    7.2MB

  • MD5

    7bc4b73ab8d21b8f94cd8e615176115d

  • SHA1

    c94625297f7f4fc7cb2258b266f2a9908cccb6ee

  • SHA256

    ede9caf2b68d3a5c7927737bcbdda1e2834a3b713103afacd88e1c5ecfacb981

  • SHA512

    33a983d2efd888f6e920fe4653e33e2a030730e24ba2c6c03526791db468dcd83afdbd4ca14e48467fcadedf97fddca832b2dddd9bb70f307b017faf72081a6f

  • SSDEEP

    196608:JJRY1Aw2FfB1/RzlNYj+bYPT+oM8KR4kbnCkd6aaI6HMaJTtGb4:HkAw2F/RnYa0PT64kbwF

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 528
      2⤵
      • Program crash
      PID:1936

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads