Overview

overview

7

Static

static

3

5c1406bf58...ex.exe

windows7-x64

7

5c1406bf58...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/07/2023, 20:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c1406bf58f18fexeexeexeex.exe

  • Size

    36KB

  • MD5

    5c1406bf58f18fffcd0daf618ec3bcfb

  • SHA1

    6c55e66d95b4026b6a01a64d19591be2fba0dc2e

  • SHA256

    0be373c7fc2f03140ddf60a8b61717c10bcc9d1258a79a8d8acfed75687e4f1b

  • SHA512

    fde35ae60e3dbbe335ab902f8b96e7cf60c2cd30e627055ad37c2515e161333f9f8cced05a25cc98eef1381ac83c237f5d18330af96d404c18cc5e48cd19d086

  • SSDEEP

    384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfWf6XT+2ipdDZ:bgX4zYcgTEu6QOaryfjqDlCFZ

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c1406bf58f18fexeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\5c1406bf58f18fexeexeexeex.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:788
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:3132

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    36KB

    MD5

    1443cb4930b2d42e17cfd6573031c41a

    SHA1

    3456b2506a3a0147ab03f8a6772eced8d6d9f304

    SHA256

    7b8bd89d7335a8065be5bfeeb1ea97b6003c6cce6ae4ae7a6fdf5aa63762a523

    SHA512

    1c397abb2cd5633537b2e77b7dadb5637e9db2d903cc8d4c2b37ef0e16fdb441c2617e1e80f6722d4255276046c51557f2efa5d2c68c98e86b3d831409c5513e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    36KB

    MD5

    1443cb4930b2d42e17cfd6573031c41a

    SHA1

    3456b2506a3a0147ab03f8a6772eced8d6d9f304

    SHA256

    7b8bd89d7335a8065be5bfeeb1ea97b6003c6cce6ae4ae7a6fdf5aa63762a523

    SHA512

    1c397abb2cd5633537b2e77b7dadb5637e9db2d903cc8d4c2b37ef0e16fdb441c2617e1e80f6722d4255276046c51557f2efa5d2c68c98e86b3d831409c5513e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    36KB

    MD5

    1443cb4930b2d42e17cfd6573031c41a

    SHA1

    3456b2506a3a0147ab03f8a6772eced8d6d9f304

    SHA256

    7b8bd89d7335a8065be5bfeeb1ea97b6003c6cce6ae4ae7a6fdf5aa63762a523

    SHA512

    1c397abb2cd5633537b2e77b7dadb5637e9db2d903cc8d4c2b37ef0e16fdb441c2617e1e80f6722d4255276046c51557f2efa5d2c68c98e86b3d831409c5513e

    Download Submit

  • memory/788-133-0x00000000021A0000-0x00000000021A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/788-134-0x0000000002350000-0x0000000002356000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3132-149-0x0000000002FE0000-0x0000000002FE6000-memory.dmp

    Filesize

    24KB

    Download