Overview

overview

7

Static

static

3

70df693092...ex.exe

windows7-x64

7

70df693092...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-07-2023 10:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    70df6930924e75exeexeexeex.exe

  • Size

    31KB

  • MD5

    70df6930924e750e6b4e4ea99ca7e12e

  • SHA1

    79c015e6710471f9d690a0d9cee2f8f4b312a454

  • SHA256

    1f1e471fb86bd98e608063126ad7f012520f1fbfcf22147d9cfe14c24364c19a

  • SHA512

    9f91c44a92451bd2984f40d61563084996f38b51955ea57db26cf256d8137e142748a679e1fab30a47e4134979d22d5f1667ab27ae0aa09c049ba2aa156a006e

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjB9iYpR:X6QFElP6n+gJQMOtEvwDpjBHR

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\70df6930924e75exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\70df6930924e75exeexeexeex.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1052
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:3416

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    32KB

    MD5

    a99944a9aa12c38d78582993a3cfe792

    SHA1

    c20a7922cf677f1ab054be1971878822d080ae56

    SHA256

    bd72af0028b2fba27bd7f6640dfd473834bb557f12f1ca3d6887493a4b8ab0ef

    SHA512

    25d3490fa5823d4ffe4132db58450715891c11382c03af4f0e2b2b1c4b2887263a57c9e1ffc7bdca0d278d7abe6c369772e5b367bcb5bfa73507688cf3d90f99

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    32KB

    MD5

    a99944a9aa12c38d78582993a3cfe792

    SHA1

    c20a7922cf677f1ab054be1971878822d080ae56

    SHA256

    bd72af0028b2fba27bd7f6640dfd473834bb557f12f1ca3d6887493a4b8ab0ef

    SHA512

    25d3490fa5823d4ffe4132db58450715891c11382c03af4f0e2b2b1c4b2887263a57c9e1ffc7bdca0d278d7abe6c369772e5b367bcb5bfa73507688cf3d90f99

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    32KB

    MD5

    a99944a9aa12c38d78582993a3cfe792

    SHA1

    c20a7922cf677f1ab054be1971878822d080ae56

    SHA256

    bd72af0028b2fba27bd7f6640dfd473834bb557f12f1ca3d6887493a4b8ab0ef

    SHA512

    25d3490fa5823d4ffe4132db58450715891c11382c03af4f0e2b2b1c4b2887263a57c9e1ffc7bdca0d278d7abe6c369772e5b367bcb5bfa73507688cf3d90f99

    Download Submit

  • memory/1052-133-0x00000000007B0000-0x00000000007B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1052-134-0x00000000007D0000-0x00000000007D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3416-149-0x0000000000670000-0x0000000000676000-memory.dmp

    Filesize

    24KB

    Download