Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08-07-2023 11:10

General

  • Target

    753a4ae0bfe8d4exeexeexeex.exe

  • Size

    46KB

  • MD5

    753a4ae0bfe8d4b525420ad23151c9f3

  • SHA1

    f1a9097c21952b86179f1f81598fe093fbe22e84

  • SHA256

    859c104baa50887e96b0170dcc6cf069fb09e0fd280ad7b9616fffe383393f82

  • SHA512

    743ca2cddfc3f5d54524ec32120da7356e0104b2326fcf8a42251ae0ac42770fde458ac59e720e0e979028db13ea5f621745bc1c78587f5982d9eb52fbcff059

  • SSDEEP

    768:bIDOw9UiaCHfjnE0Sfa7ilR0p9u6p4Uu6EIZPm8h:bIDOw9a0DwitDwIZbh

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\753a4ae0bfe8d4exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\753a4ae0bfe8d4exeexeexeex.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3120
    • C:\Users\Admin\AppData\Local\Temp\lossy.exe
      "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      2⤵
      • Executes dropped EXE
      PID:4676

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe

    Filesize

    47KB

    MD5

    48c366f9abb00fe6dae5e929eff662d4

    SHA1

    ef76bb14bb3675ef04fa928e1b31064286c7306b

    SHA256

    7909e27a351f213f1132fc050e7e3fd3b1540b8d8d6f38974cf72dc5ddb4b2f4

    SHA512

    d27a792f7e3ae1a3717e1d50ea219a60552b11f9b9cb4e8f7c1c9e78c0802fec4bbdd31215376fca954266d4f80cc2fdd498f6d333f6225de5c088d3de5b0d6c

  • memory/3120-133-0x00000000021F0000-0x00000000021F6000-memory.dmp

    Filesize

    24KB

  • memory/3120-134-0x0000000002210000-0x0000000002216000-memory.dmp

    Filesize

    24KB

  • memory/4676-149-0x00000000005B0000-0x00000000005B6000-memory.dmp

    Filesize

    24KB