Overview

overview

7

Static

static

3

043bae73c9...ex.exe

windows7-x64

7

043bae73c9...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/07/2023, 14:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    043bae73c94423exeexeexeex.exe

  • Size

    37KB

  • MD5

    043bae73c944230bbabacb2e9ce6ace2

  • SHA1

    186e8c0e609c77f6c006d359ba948b2302c92e01

  • SHA256

    667233f1213365cc54d740a65dbc3be7b814a3ee5a2e43c139273fb47641a736

  • SHA512

    49a392a3ca378b457c329c32aa4aa931c51c2919b3d8b2d4d1f089fa1ae4e100235a305a788622586fc35cd4e3105220e0ddb9e61532f630db1a32a0a6a2c3ba

  • SSDEEP

    384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfWf6XT+72kmGYjBa4GY6:bgX4zYcgTEu6QOaryfjqDlC7rYE48

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\043bae73c94423exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\043bae73c94423exeexeexeex.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4856
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:1480

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    37KB

    MD5

    b2bc58f2bc09e4c658e03021f3386708

    SHA1

    d7aafab1712d2002f10c876ec0642cd86bf5673a

    SHA256

    1074894e00986a8299f3c01abc8d4bf6181a66772e81bc5450592b351d79a2dd

    SHA512

    31f8717699bfc78c2fdc670a9b31e9a5a6f79f23a366ef4ad0a38500b3ccd04563e773b544b98b35fcea2784ac9480e38d4ff313e32a28b0ee2b3c9bdbea33cc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    37KB

    MD5

    b2bc58f2bc09e4c658e03021f3386708

    SHA1

    d7aafab1712d2002f10c876ec0642cd86bf5673a

    SHA256

    1074894e00986a8299f3c01abc8d4bf6181a66772e81bc5450592b351d79a2dd

    SHA512

    31f8717699bfc78c2fdc670a9b31e9a5a6f79f23a366ef4ad0a38500b3ccd04563e773b544b98b35fcea2784ac9480e38d4ff313e32a28b0ee2b3c9bdbea33cc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    37KB

    MD5

    b2bc58f2bc09e4c658e03021f3386708

    SHA1

    d7aafab1712d2002f10c876ec0642cd86bf5673a

    SHA256

    1074894e00986a8299f3c01abc8d4bf6181a66772e81bc5450592b351d79a2dd

    SHA512

    31f8717699bfc78c2fdc670a9b31e9a5a6f79f23a366ef4ad0a38500b3ccd04563e773b544b98b35fcea2784ac9480e38d4ff313e32a28b0ee2b3c9bdbea33cc

    Download Submit

  • memory/1480-149-0x0000000001FA0000-0x0000000001FA6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4856-133-0x0000000000700000-0x0000000000706000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4856-134-0x0000000002250000-0x0000000002256000-memory.dmp

    Filesize

    24KB

    Download