Overview

overview

7

Static

static

3

f4f4550e0d...ex.exe

windows7-x64

7

f4f4550e0d...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/07/2023, 13:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f4f4550e0d2d52exeexeexeex.exe

  • Size

    35KB

  • MD5

    f4f4550e0d2d520f8380a5e9f23dbec9

  • SHA1

    9141f5bd2d91979013b607d53533edeba7502b2e

  • SHA256

    5be64e1b6e162d9ddaaca261cd2f8359659b385b2edd298eea302d623cf2d0ee

  • SHA512

    99822c57f37dc86f93983d182beab6097a028273cc0894dc5c2b2b1496418412eb495e3ada9d3081af817f0159525f37b2264cbddbc4ce67aa93b66e05afc756

  • SSDEEP

    384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfWf6XT+0vJsg5b5U6jnG:bgX4zYcgTEu6QOaryfjqDlC6JFbK6rG

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f4f4550e0d2d52exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\f4f4550e0d2d52exeexeexeex.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4848
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:2564

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    35KB

    MD5

    8fd5c3ae04ab6e78e0d3e4041a896ab4

    SHA1

    de7e7b5ffc1172a71fb82fa17de4776442b851a7

    SHA256

    f1aadedcefbef473565593c3c7fd7bab78fac6a77a0271a776e7abaef2a39df9

    SHA512

    a9afe6183aa80f4446dc8f67a74f7cac1346c3fc2286b0d4e3962b9b9425c361c44079e97685eca3a508bda176127f2253bfde554fce3f8976f12595289ad7ea

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    35KB

    MD5

    8fd5c3ae04ab6e78e0d3e4041a896ab4

    SHA1

    de7e7b5ffc1172a71fb82fa17de4776442b851a7

    SHA256

    f1aadedcefbef473565593c3c7fd7bab78fac6a77a0271a776e7abaef2a39df9

    SHA512

    a9afe6183aa80f4446dc8f67a74f7cac1346c3fc2286b0d4e3962b9b9425c361c44079e97685eca3a508bda176127f2253bfde554fce3f8976f12595289ad7ea

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    35KB

    MD5

    8fd5c3ae04ab6e78e0d3e4041a896ab4

    SHA1

    de7e7b5ffc1172a71fb82fa17de4776442b851a7

    SHA256

    f1aadedcefbef473565593c3c7fd7bab78fac6a77a0271a776e7abaef2a39df9

    SHA512

    a9afe6183aa80f4446dc8f67a74f7cac1346c3fc2286b0d4e3962b9b9425c361c44079e97685eca3a508bda176127f2253bfde554fce3f8976f12595289ad7ea

    Download Submit

  • memory/2564-149-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4848-133-0x0000000002210000-0x0000000002216000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4848-134-0x00000000022D0000-0x00000000022D6000-memory.dmp

    Filesize

    24KB

    Download