Overview

overview

7

Static

static

3

c43de61777...ex.exe

windows7-x64

7

c43de61777...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-07-2023 14:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c43de61777d5bcexeexeexeex.exe

  • Size

    43KB

  • MD5

    c43de61777d5bc516c7247d2fe5e1ac3

  • SHA1

    f80b6c831381ce0f08c676d73d476ed8af703347

  • SHA256

    b237c7e0a9e977992d6bd6d4a6c279b129949a0f813d6aeba334f09f6bfd8b8f

  • SHA512

    25114304a966a66d1b013b1d451cbeed6db42a33c318fd5faced28a7ead8da4c5c9561b16ee211a6b69d762c4513c0f31b8fc985bc1c9529b96a7c6a094ac7e2

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBaaEq1xGb3y5:X6QFElP6n+gJQMOtEvwDpjB0mGbS

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c43de61777d5bcexeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\c43de61777d5bcexeexeexeex.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3668
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:3272

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    43KB

    MD5

    c47376d388fb00bdcea9c98496175348

    SHA1

    830ae2b22c53f43b5a04ca0ac08c4291de8b02cb

    SHA256

    dfa6cb1fa107d9208f92bbf63d4d63a98bb5eab3b03f9a76c7d6b4fb6e9649c8

    SHA512

    36010746b0334785c891f6b44a052741750b01e9c826b669fa6922f7eb3b95fcf41c4f58f6f2e0bdd5650f1739c5c8588d122ba0b7bc1e51a1c2474e148b1375

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    43KB

    MD5

    c47376d388fb00bdcea9c98496175348

    SHA1

    830ae2b22c53f43b5a04ca0ac08c4291de8b02cb

    SHA256

    dfa6cb1fa107d9208f92bbf63d4d63a98bb5eab3b03f9a76c7d6b4fb6e9649c8

    SHA512

    36010746b0334785c891f6b44a052741750b01e9c826b669fa6922f7eb3b95fcf41c4f58f6f2e0bdd5650f1739c5c8588d122ba0b7bc1e51a1c2474e148b1375

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    43KB

    MD5

    c47376d388fb00bdcea9c98496175348

    SHA1

    830ae2b22c53f43b5a04ca0ac08c4291de8b02cb

    SHA256

    dfa6cb1fa107d9208f92bbf63d4d63a98bb5eab3b03f9a76c7d6b4fb6e9649c8

    SHA512

    36010746b0334785c891f6b44a052741750b01e9c826b669fa6922f7eb3b95fcf41c4f58f6f2e0bdd5650f1739c5c8588d122ba0b7bc1e51a1c2474e148b1375

    Download Submit

  • memory/3668-133-0x00000000004C0000-0x00000000004C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3668-134-0x00000000004E0000-0x00000000004E6000-memory.dmp

    Filesize

    24KB

    Download