Overview

overview

7

Static

static

3

fd826d1cbe...ex.exe

windows7-x64

7

fd826d1cbe...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/07/2023, 17:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fd826d1cbe7711exeexeexeex.exe

  • Size

    35KB

  • MD5

    fd826d1cbe7711073f2dd8f80c673853

  • SHA1

    f635d30175ae0c63c888c8499822221d9e016a44

  • SHA256

    424975152f113266e0f41e7a4204f757896f206d706c3f353a071217b1f385e9

  • SHA512

    81a27e420652c523fe73e7d073d0629f267551156d94d6c1c2ec52fc5aef10566156df9f9d1e0912cf3cd501d88a859972b2b64e6c9339ef9a6ef5aa98b52233

  • SSDEEP

    768:bIDOw9UiaCHfjnE0Sf88AvvP1oghRnIU/:bIDOw9a0Dwo3P1o2B

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fd826d1cbe7711exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\fd826d1cbe7711exeexeexeex.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:5036
    • C:\Users\Admin\AppData\Local\Temp\lossy.exe
      "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      2⤵
      • Executes dropped EXE
      PID:412

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    35KB

    MD5

    8f8a96198a39048373c9b1efb659c4ed

    SHA1

    cdcc956e13e694fdfc50bfe7e8fb94539b9508a7

    SHA256

    7ca2dfa33d9e33a425067a5daf65277505d55aa46333c994c3a37d6f33d157c5

    SHA512

    a51893e3b7fe3950ee5514a8ccf0c11b23882cc0bd5b39159f344d6d7bf392dc3d54cdb7d72935609d5034d97cf596e15126a1d323a45a2337c29dfb8e4e9daa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    35KB

    MD5

    8f8a96198a39048373c9b1efb659c4ed

    SHA1

    cdcc956e13e694fdfc50bfe7e8fb94539b9508a7

    SHA256

    7ca2dfa33d9e33a425067a5daf65277505d55aa46333c994c3a37d6f33d157c5

    SHA512

    a51893e3b7fe3950ee5514a8ccf0c11b23882cc0bd5b39159f344d6d7bf392dc3d54cdb7d72935609d5034d97cf596e15126a1d323a45a2337c29dfb8e4e9daa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    35KB

    MD5

    8f8a96198a39048373c9b1efb659c4ed

    SHA1

    cdcc956e13e694fdfc50bfe7e8fb94539b9508a7

    SHA256

    7ca2dfa33d9e33a425067a5daf65277505d55aa46333c994c3a37d6f33d157c5

    SHA512

    a51893e3b7fe3950ee5514a8ccf0c11b23882cc0bd5b39159f344d6d7bf392dc3d54cdb7d72935609d5034d97cf596e15126a1d323a45a2337c29dfb8e4e9daa

    Download Submit

  • memory/412-149-0x0000000002050000-0x0000000002056000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5036-133-0x0000000000500000-0x0000000000506000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5036-134-0x0000000000520000-0x0000000000526000-memory.dmp

    Filesize

    24KB

    Download