Overview

overview

7

Static

static

3

2517fc16a6...ex.exe

windows7-x64

7

2517fc16a6...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    136s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/07/2023, 11:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2517fc16a6c311exeexeexeex.exe

  • Size

    31KB

  • MD5

    2517fc16a6c3119abb0b12fe07b666aa

  • SHA1

    b2dad38dd89d4595ec98d4a3b14d9a1a16378cc7

  • SHA256

    9d7856be5186c13a24a3de5e5568a0234c6f21c1e7f6b04e5de88572b7df8081

  • SHA512

    0cc90c589a9ef4dcaf66056c59ec02a737615a91315f023dc5c586f8d282986571b1f72bd158ec7d7a030bdb3278f593fb226292e5fd0a0b0ed6f5a632fb92e2

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjB9a/m:X6QFElP6n+gJQMOtEvwDpjBM/m

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2517fc16a6c311exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\2517fc16a6c311exeexeexeex.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:5088
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:3472

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    32KB

    MD5

    a23e2dacc132ee10b905e3417f968c57

    SHA1

    7fef15bc7db19ad1c51c6cb4ecbcf96c334f7db9

    SHA256

    8a33d718d086e0f5a94a87bbce272bda5393592036319cb4eaf05ac3fec1c5da

    SHA512

    3adc8cfe68cdbc2ac1b73680bb998664acad3ddea33b0b3362af6f39684c0ad635463075e92ac69f19931d19c55a031dff52bf7a7fdecbd1609a6c1a03aa437c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    32KB

    MD5

    a23e2dacc132ee10b905e3417f968c57

    SHA1

    7fef15bc7db19ad1c51c6cb4ecbcf96c334f7db9

    SHA256

    8a33d718d086e0f5a94a87bbce272bda5393592036319cb4eaf05ac3fec1c5da

    SHA512

    3adc8cfe68cdbc2ac1b73680bb998664acad3ddea33b0b3362af6f39684c0ad635463075e92ac69f19931d19c55a031dff52bf7a7fdecbd1609a6c1a03aa437c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    32KB

    MD5

    a23e2dacc132ee10b905e3417f968c57

    SHA1

    7fef15bc7db19ad1c51c6cb4ecbcf96c334f7db9

    SHA256

    8a33d718d086e0f5a94a87bbce272bda5393592036319cb4eaf05ac3fec1c5da

    SHA512

    3adc8cfe68cdbc2ac1b73680bb998664acad3ddea33b0b3362af6f39684c0ad635463075e92ac69f19931d19c55a031dff52bf7a7fdecbd1609a6c1a03aa437c

    Download Submit

  • memory/3472-149-0x00000000004E0000-0x00000000004E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5088-133-0x0000000000510000-0x0000000000516000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5088-134-0x00000000021A0000-0x00000000021A6000-memory.dmp

    Filesize

    24KB

    Download