Overview

overview

7

Static

static

3

b65707c1ad...ex.exe

windows7-x64

7

b65707c1ad...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-07-2023 16:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b65707c1ad59f5exeexeexeex.exe

  • Size

    59KB

  • MD5

    b65707c1ad59f543538697173b481381

  • SHA1

    193d41b47840636c64b1228242329458352649b7

  • SHA256

    bcf8f77be5659c455bbfac39948906f337dfbec9505c1798e6bbf01e1710aca8

  • SHA512

    8fab5e2979b94397d4de7b81ac30aaa2ac69b1bfc42d7eb80f5830682ba0e17df331b5b7c872294ed269d36c14f2bc1f41801d48b845ea5e7ee04559d2b9456d

  • SSDEEP

    1536:X6QFElP6n+gJQMOtEvwDpjBccD2RuoNmuBLY8Cte2:X6a+SOtEvwDpjBrOs

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b65707c1ad59f5exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\b65707c1ad59f5exeexeexeex.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4992
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:656

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    59KB

    MD5

    a1b1515ff26eea1fe717284f88aff9fd

    SHA1

    df79dd498ed8724efb5efd718920a005f04dbdca

    SHA256

    248e1536827c9f4e2758ae34ed693e7df869e5bc482c1cea2099c2b7de092f48

    SHA512

    0391ba7c5180bc983edacf37fe31abe9e069ba1404cbac65c276a43d03f6472bc5196acdf3f2cb1df5e272533bde9fc3ca5e8333c58e0e4cbaa428c569ff39fe

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    59KB

    MD5

    a1b1515ff26eea1fe717284f88aff9fd

    SHA1

    df79dd498ed8724efb5efd718920a005f04dbdca

    SHA256

    248e1536827c9f4e2758ae34ed693e7df869e5bc482c1cea2099c2b7de092f48

    SHA512

    0391ba7c5180bc983edacf37fe31abe9e069ba1404cbac65c276a43d03f6472bc5196acdf3f2cb1df5e272533bde9fc3ca5e8333c58e0e4cbaa428c569ff39fe

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    59KB

    MD5

    a1b1515ff26eea1fe717284f88aff9fd

    SHA1

    df79dd498ed8724efb5efd718920a005f04dbdca

    SHA256

    248e1536827c9f4e2758ae34ed693e7df869e5bc482c1cea2099c2b7de092f48

    SHA512

    0391ba7c5180bc983edacf37fe31abe9e069ba1404cbac65c276a43d03f6472bc5196acdf3f2cb1df5e272533bde9fc3ca5e8333c58e0e4cbaa428c569ff39fe

    Download Submit

  • memory/656-149-0x00000000005C0000-0x00000000005C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4992-133-0x00000000004C0000-0x00000000004C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4992-134-0x00000000004E0000-0x00000000004E6000-memory.dmp

    Filesize

    24KB

    Download