Overview

overview

7

Static

static

3

f3924826c5...ex.exe

windows7-x64

7

f3924826c5...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-07-2023 10:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f3924826c5a6a7exeexeexeex.exe

  • Size

    39KB

  • MD5

    f3924826c5a6a762cb9a96fa2a149cd9

  • SHA1

    4a343f3bd22589a4c291539ff564f06e7b9ac5cc

  • SHA256

    49def20b2a4d94bcc8d60580ebdef5714b4da10a397b2e6fd461759373a00b51

  • SHA512

    acea9c132725057bcee013d27df0477c37860eabbefb35d83639692d8e2e8016d5c03c179a39d1b3fe418ba3c4a8af82463c0223cdd95476bd3caeca65501c0f

  • SSDEEP

    768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpj/MLaXKvm:V6QFElP6n+gMQMOtEvwDpjya0m

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f3924826c5a6a7exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\f3924826c5a6a7exeexeexeex.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1180
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:4676

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    39KB

    MD5

    5b79413d8574666bbcf4a26436077f19

    SHA1

    0a72b526e4e76facd4c9f6eb9ef5fc51cd31111d

    SHA256

    9c6d221621d1b6800497975e9f939ed0ce7ecd27854dd3599968e6814deb163b

    SHA512

    2139b452cdf09c9250e1542e2c8857ad4e87fa72f10c26438f1f8b6fdfd4d9b05ae1cb9c177bacabaf6c0fc683f3e9cd209826e2654bc77e7780ace07a677a47

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    39KB

    MD5

    5b79413d8574666bbcf4a26436077f19

    SHA1

    0a72b526e4e76facd4c9f6eb9ef5fc51cd31111d

    SHA256

    9c6d221621d1b6800497975e9f939ed0ce7ecd27854dd3599968e6814deb163b

    SHA512

    2139b452cdf09c9250e1542e2c8857ad4e87fa72f10c26438f1f8b6fdfd4d9b05ae1cb9c177bacabaf6c0fc683f3e9cd209826e2654bc77e7780ace07a677a47

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    39KB

    MD5

    5b79413d8574666bbcf4a26436077f19

    SHA1

    0a72b526e4e76facd4c9f6eb9ef5fc51cd31111d

    SHA256

    9c6d221621d1b6800497975e9f939ed0ce7ecd27854dd3599968e6814deb163b

    SHA512

    2139b452cdf09c9250e1542e2c8857ad4e87fa72f10c26438f1f8b6fdfd4d9b05ae1cb9c177bacabaf6c0fc683f3e9cd209826e2654bc77e7780ace07a677a47

    Download Submit

  • memory/1180-133-0x00000000021C0000-0x00000000021C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1180-134-0x0000000002030000-0x0000000002036000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4676-149-0x0000000002060000-0x0000000002066000-memory.dmp

    Filesize

    24KB

    Download