Analysis

  • max time kernel
    124s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-07-2023 14:16

General

  • Target

    00a10654613765exeexeexeex.exe

  • Size

    327KB

  • MD5

    00a1065461376591346a37a5ecad95cf

  • SHA1

    5a364c0b26344f5ebaea5ad52c93ff5cc245b39b

  • SHA256

    b3b4fcae45dc3d211b899d38648751f8398574054f5af646d0c7bbe209323900

  • SHA512

    c931ef99b9616b4b372ebfc093e90dafde8d769ac7f11c44d53b816f095e121018ced50dd9ccaadd462e47e1b69ad0ad6a5efc52536a54e8c748970c001f54f7

  • SSDEEP

    6144:Q2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG8KgbPzDh:Q2TFafJiHCWBWPMjVWrXK0

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely a geofence check.

  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 30 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\00a10654613765exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\00a10654613765exeexeexeex.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2776
    • C:\Users\Admin\AppData\Roaming\Microsoft\Posix\taskhostsys.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Posix\taskhostsys.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\Posix\taskhostsys.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:984
      • C:\Users\Admin\AppData\Roaming\Microsoft\Posix\taskhostsys.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\Posix\taskhostsys.exe"
        3⤵
        • Executes dropped EXE
        PID:2764
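The process tree above (the submitted sample in %TEMP% starting the dropped taskhostsys.exe under AppData\Roaming\Microsoft\Posix, which then relaunches itself) is the kind of chain that is easy to hunt for in process-creation telemetry. The following is an added example, not part of the sandbox report: it runs two small rules over constructed process-creation records that mirror the report's PIDs and paths (2776 -> 984 -> 2764). The field names (Image, ParentImage, CommandLine, ProcessId, ParentProcessId) are an assumption that the log source is Sysmon Event ID 1 or something shaped like it; the hash check reuses the SHA256 listed for the dropped file in the Downloads section.

```python
import hashlib
import re

# SHA256 of the dropped binary, copied from the report's Downloads section.
DROPPED_FILE = r"C:\Users\Admin\AppData\Roaming\Microsoft\Posix\taskhostsys.exe"
DROPPED_SHA256 = "2003e346a6b219609bd78bc5bf682b5feb699855656569071a1f02765bca0add"

# Constructed process-creation records (Sysmon Event ID 1 style field names are an
# assumption about the log source) mirroring the report's tree 2776 -> 984 -> 2764,
# plus one benign record so the rules have something to ignore.
EVENTS = [
    {"ProcessId": 2776, "ParentProcessId": 1234,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\00a10654613765exeexeexeex.exe",
     "CommandLine": r'"C:\Users\Admin\AppData\Local\Temp\00a10654613765exeexeexeex.exe"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessId": 984, "ParentProcessId": 2776,
     "Image": DROPPED_FILE,
     "CommandLine": f'"{DROPPED_FILE}" /START "{DROPPED_FILE}"',
     "ParentImage": r"C:\Users\Admin\AppData\Local\Temp\00a10654613765exeexeexeex.exe"},
    {"ProcessId": 2764, "ParentProcessId": 984,
     "Image": DROPPED_FILE,
     "CommandLine": f'"{DROPPED_FILE}"',
     "ParentImage": DROPPED_FILE},
    {"ProcessId": 3000, "ParentProcessId": 800,          # benign noise
     "Image": r"C:\Windows\System32\taskhostw.exe",
     "CommandLine": "taskhostw.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
]

USER_WRITABLE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)


def launched_from_temp_into_appdata(ev):
    """Approximates the 'Executes dropped EXE' signature: a parent running out of
    %TEMP% starts a child binary that lives under the user's AppData tree."""
    return bool(TEMP_DIR.search(ev["ParentImage"]) and USER_WRITABLE.match(ev["Image"]))


def self_relaunch(ev):
    """Same image spawning itself, as taskhostsys.exe does for PID 984 -> 2764."""
    return ev["Image"].lower() == ev["ParentImage"].lower()


def ancestry(events, pid):
    """Walk ParentProcessId links back to the oldest record we have; PIDs root-first.
    The 'seen' set guards against PID reuse producing a cycle in real telemetry."""
    by_pid = {e["ProcessId"]: e for e in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(pid)
        pid = by_pid[pid]["ParentProcessId"]
    return list(reversed(chain))


def hunt(events):
    """Run both rules over the records; returns the PIDs each rule flagged."""
    hits = {"dropped_exe_launch": [], "self_relaunch": []}
    for ev in events:
        if launched_from_temp_into_appdata(ev):
            hits["dropped_exe_launch"].append(ev["ProcessId"])
        if self_relaunch(ev):
            hits["self_relaunch"].append(ev["ProcessId"])
    return hits


def verify_dropped_file(data: bytes) -> bool:
    """Compare a recovered copy of taskhostsys.exe against the report's SHA256."""
    return hashlib.sha256(data).hexdigest() == DROPPED_SHA256


if __name__ == "__main__":
    results = hunt(EVENTS)
    for rule, pids in results.items():
        for pid in pids:
            print(f"{rule}: pid {pid}, chain {ancestry(EVENTS, pid)}")
```

Both rules are deliberately narrow so they do not fire on the benign taskhostw.exe record; in production you would widen the "dropped EXE" rule to any parent that wrote the child's image (a file-create event joined on path) rather than keying on %TEMP% alone. The ancestry walk is what turns a single hit into the full 2776 -> 984 -> 2764 chain shown in the report.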

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Posix\taskhostsys.exe

    Filesize

    327KB

    MD5

    86d255c821440c7429582bce499d4f39

    SHA1

    925108ed4189345d423af46ed01e193413e87b60

    SHA256

    2003e346a6b219609bd78bc5bf682b5feb699855656569071a1f02765bca0add

    SHA512

    bce053973ba269a9844feb39c93c74d2e853411c11b5745bd5096f3dc9dc1794545c72f0c2a8dbbbf29b6e0dc8d68bd7ef9fa7d835d4c947e05c2a1bb560b1e2
