Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20230703-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    11-07-2023 13:04

General

  • Target

    f549d968bc3046exeexeexeex.exe

  • Size

    26KB

  • MD5

    f549d968bc30461f01763ced3259d8e1

  • SHA1

    d2b492915e8cfc4ff703fbd8a8f9d745b1fe0d7d

  • SHA256

    aba0f0ea5d5e61b5f00e3fc89a0e2d7b35818ba95d01757ce67b32a54960d6c1

  • SHA512

    71290cb1a310220f2e6a51e1f9f763b488d78dcbb66f90d9cc252dcd8a2ed9ae9bd9f6f16ca250de8f2386c5946ac20847ac6779d3747c50eef5f0d9768e69e7

  • SSDEEP

    384:bIDl1ovmXAw9PMDREhi9OUSPlRxMc/cip7IAfjDb4YeNI8WxD:bIDOw9UiaCHfjnMNjGD

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up the country code configured in the registry, likely a geofence check.

  • Executes dropped EXE (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\f549d968bc3046exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\f549d968bc3046exeexeexeex.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4964
    • C:\Users\Admin\AppData\Local\Temp\lossy.exe
      "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      2⤵
      • Executes dropped EXE
      PID:2192

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe

    Filesize

    26KB

    MD5

    25aad8837590b831f7d9446c0c10c741

    SHA1

    dfeb230c0c90120040ef4caca48fc7c9092b8b1a

    SHA256

    e592a50b9b0f2cf150b8e94158ef9ed46d00278b9cc0002cb3867957a7fb7e21

    SHA512

    98732f5622b3a7139207da70b9ac4fe427ca46e52d797dae1ce3d1ac825b5bb53287b9853da74b083c516767da4f98ee259b060ff4049a84dfe843d03d8e53c3

  • memory/2192-149-0x00000000020C0000-0x00000000020C6000-memory.dmp

    Filesize

    24KB

  • memory/4964-133-0x0000000000580000-0x0000000000586000-memory.dmp

    Filesize

    24KB

  • memory/4964-134-0x00000000005B0000-0x00000000005B6000-memory.dmp

    Filesize

    24KB
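The artefacts above are only useful if you can re-check them against what you actually have on disk. The following Python is an added example, not part of the sandbox report: it computes all four digests the report lists for the dropped lossy.exe and says which ones fail to match, and it parses the memory-dump artefact names to recover the dumped address range (which is where the "24KB" figures come from, since 0x6000 bytes is 24 KiB). The digests and dump names are copied from the report; the interpretation of the middle number in a dump name as a per-dump sequence number is an assumption, and the input bytes in the usage block are a constructed stand-in, not the real sample.

```python
import hashlib
import re

# IoCs copied from the report above: the dropped executable and its digests.
DROPPED_EXE = r"C:\Users\Admin\AppData\Local\Temp\lossy.exe"
REPORTED_DIGESTS = {
    "md5": "25aad8837590b831f7d9446c0c10c741",
    "sha1": "dfeb230c0c90120040ef4caca48fc7c9092b8b1a",
    "sha256": "e592a50b9b0f2cf150b8e94158ef9ed46d00278b9cc0002cb3867957a7fb7e21",
    "sha512": "98732f5622b3a7139207da70b9ac4fe427ca46e52d797dae1ce3d1ac825b5bb5"
              "3287b9853da74b083c516767da4f98ee259b060ff4049a84dfe843d03d8e53c3",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Compute every digest the report lists, so one pass covers all four."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def mismatches(data: bytes, expected: dict) -> list:
    """Names of the digests that do NOT match; an empty list means the bytes
    are the artefact the report describes. Only algorithms present in
    `expected` are checked, and hex casing is normalised because reports
    and feeds disagree on it."""
    got = digests(data)
    return [a for a in ALGORITHMS if a in expected and got[a] != expected[a].lower()]


# Memory-dump names in the report look like
#   memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp
# <pid> matches the PIDs in the process tree. <n> is ASSUMED here to be a
# per-dump sequence number (the report does not say). start/end is the
# virtual address range that was dumped.
MEMDUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)


def memdump_region(name: str) -> dict:
    """Parse a dump name into pid, sequence number and address range.
    size is end - start in bytes, which is what the 'Filesize' line
    reports after rounding to KB."""
    m = MEMDUMP_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"not a memory-dump artefact name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name!r}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def regions_by_pid(names) -> dict:
    """Group dumped regions per PID so it is obvious which process had which
    small blobs captured (here: the parent 4964 and the dropped child 2192)."""
    out = {}
    for n in names:
        r = memdump_region(n)
        out.setdefault(r["pid"], []).append((r["start"], r["end"], r["size"]))
    return out


if __name__ == "__main__":
    # Constructed input: a stand-in blob, NOT the real sample. It will not
    # match, and the checker must say so for every algorithm.
    print(mismatches(b"MZ\x90\x00" + b"\x00" * 60, REPORTED_DIGESTS))
    dumps = [
        "memory/2192-149-0x00000000020C0000-0x00000000020C6000-memory.dmp",
        "memory/4964-133-0x0000000000580000-0x0000000000586000-memory.dmp",
        "memory/4964-134-0x00000000005B0000-0x00000000005B6000-memory.dmp",
    ]
    for pid, regs in regions_by_pid(dumps).items():
        for start, end, size in regs:
            print(f"pid {pid}: 0x{start:X}-0x{end:X} ({size // 1024}KB)")
```

Checking all four digests rather than only SHA256 is deliberate: when you pull the same artefact from a feed that only carries MD5 or SHA1, a partial `expected` dict still yields a usable answer, and a mismatch on any one algorithm is enough to say the file is not the one the sandbox ran.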