Overview

overview

7

Static

static

3

9f81ead477...ex.exe

windows7-x64

7

9f81ead477...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-07-2023 07:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9f81ead4778625exeexeexeex.exe

  • Size

    86KB

  • MD5

    9f81ead47786254ce826c5112ecd0b26

  • SHA1

    1e2397a5e1c7eb2d571c9d30559d2f119749743c

  • SHA256

    8e6beef2716b8c37fb964e0460b52bf4320c115fd0da4cdbd8c169112205be54

  • SHA512

    a4daa20fde8572d946e23917219f6bc6d2cf84f8a44e54298b9881a92119f2d78b8175021311022048057b378e384d629ee44d0048854c6ebbbea44fe00c5af4

  • SSDEEP

    1536:V6QFElP6n+gMQMOtEvwDpjQGYQbNcqamvWi:V6a+pOtEvwDpjtD

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f81ead4778625exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\9f81ead4778625exeexeexeex.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3408
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:3972

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    87KB

    MD5

    66b886769c4724fa230d6e5eb19bdbcd

    SHA1

    daf99554844949a14595a733a5e88c6eedb42efc

    SHA256

    22534c5fe3ceed6bc75174d137bef3fa3aaa8547779d03b8750c3b66eb3d3936

    SHA512

    3d47dd6a825b906b1e84da770a2bf34cf4c160296f2d5c795bf30037da7b55fbc6b4fe620d4d2be2fd41a6434d2bbef84763ee55f1b92008629a9c54fcfcdc84

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    87KB

    MD5

    66b886769c4724fa230d6e5eb19bdbcd

    SHA1

    daf99554844949a14595a733a5e88c6eedb42efc

    SHA256

    22534c5fe3ceed6bc75174d137bef3fa3aaa8547779d03b8750c3b66eb3d3936

    SHA512

    3d47dd6a825b906b1e84da770a2bf34cf4c160296f2d5c795bf30037da7b55fbc6b4fe620d4d2be2fd41a6434d2bbef84763ee55f1b92008629a9c54fcfcdc84

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    87KB

    MD5

    66b886769c4724fa230d6e5eb19bdbcd

    SHA1

    daf99554844949a14595a733a5e88c6eedb42efc

    SHA256

    22534c5fe3ceed6bc75174d137bef3fa3aaa8547779d03b8750c3b66eb3d3936

    SHA512

    3d47dd6a825b906b1e84da770a2bf34cf4c160296f2d5c795bf30037da7b55fbc6b4fe620d4d2be2fd41a6434d2bbef84763ee55f1b92008629a9c54fcfcdc84

    Download Submit

  • memory/3408-133-0x00000000005A0000-0x00000000005A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3408-134-0x00000000005C0000-0x00000000005C6000-memory.dmp

    Filesize

    24KB

    Download