Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-07-2023 20:10

General

  • Target

    1f779aa367a3bdexeexeexeex.exe

  • Size

    74KB

  • MD5

    1f779aa367a3bd9af7de9eb37c808e19

  • SHA1

    5faefae0c4d009b94b86c9acf7287ff7038c1be8

  • SHA256

    5ae20cba2cc3dad124cd34d92ddfb1754c1139767e5c483e3eaea38e4dbe8c62

  • SHA512

    cc2174435390cac41222d3804ff77639a5d32d57877ec919278bfa17072ddc5132c8c8f319608f424930d2c3dbe7d519c00e22eac2fd0c3f1809157b4838457c

  • SSDEEP

    1536:T6QFElP6n+gxmddpMOtEvwDpjwaxTNUOA+TNi:T6a+rdOOtEvwDpjN6

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f779aa367a3bdexeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\1f779aa367a3bdexeexeexeex.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4504
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:3012

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    74KB

    MD5

    b0ede284ce994fa3ad66bceecfd4e633

    SHA1

    ca33a4fcd7ee66e796e5bf6ea2e04a6a7b73e04e

    SHA256

    d8ff1f24251db7c66a82383ec419a7d491140a6139bfb24adb1419ce6670c85f

    SHA512

    36272bdf6f8f45905099274191d86d6a9dd67e6b62643ce6515ebb981e924350be0e243d4cc2d9d1a0fc23b9bf077d85ed61ce6e6e378da04970caeb64a2fa0c

  • memory/3012-150-0x00000000020E0000-0x00000000020E6000-memory.dmp

    Filesize

    24KB

  • memory/3012-156-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

  • memory/4504-133-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

  • memory/4504-134-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

  • memory/4504-135-0x00000000006C0000-0x00000000006C6000-memory.dmp

    Filesize

    24KB