Overview

overview

7

Static

static

3

1dda783d46...JC.exe

windows7-x64

7

1dda783d46...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/07/2023, 13:13

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1dda783d461379exe_JC.exe

  • Size

    67KB

  • MD5

    1dda783d4613796c41ce8a7196ca839a

  • SHA1

    954029584c4ee43e1d40a6dce43642cb4138bfd9

  • SHA256

    3ab589618b1d8408d0bca4ff4bb394526b3a470adf4d81fd2488443c7f3b263f

  • SHA512

    677bfc026cb89aeec4ecf8cd3c87466f8d4a5f94607a83fe585a385f3529a19b8ea884b4ccf4d723c3397467a3b9419cb9fb4953dc8afffec8170b7e0aefdd10

  • SSDEEP

    768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpj/MLa5VccPtI07HcOmcY:V6QFElP6n+gMQMOtEvwDpjyaLccVp4xh

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1dda783d461379exe_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1dda783d461379exe_JC.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:748
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:4300

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          67KB

          MD5

          a1b5a389cceb634c7f6ca6599cd3aecb

          SHA1

          85500dc5204a43e66cec610fd61063ceba3875e0

          SHA256

          78dbb8d6392ec5420c11769bb83e13e5fed88f12d211a46c679fb96f8ea37f9d

          SHA512

          a2973052ab191424d24f2cdb18dadeb7c3340f86ef5b41cb3068899b1e62237fc3fbe95d6f645fbf10d12a959f6d07f95371f7c56d757eb6b29da055c0175968

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          67KB

          MD5

          a1b5a389cceb634c7f6ca6599cd3aecb

          SHA1

          85500dc5204a43e66cec610fd61063ceba3875e0

          SHA256

          78dbb8d6392ec5420c11769bb83e13e5fed88f12d211a46c679fb96f8ea37f9d

          SHA512

          a2973052ab191424d24f2cdb18dadeb7c3340f86ef5b41cb3068899b1e62237fc3fbe95d6f645fbf10d12a959f6d07f95371f7c56d757eb6b29da055c0175968

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          67KB

          MD5

          a1b5a389cceb634c7f6ca6599cd3aecb

          SHA1

          85500dc5204a43e66cec610fd61063ceba3875e0

          SHA256

          78dbb8d6392ec5420c11769bb83e13e5fed88f12d211a46c679fb96f8ea37f9d

          SHA512

          a2973052ab191424d24f2cdb18dadeb7c3340f86ef5b41cb3068899b1e62237fc3fbe95d6f645fbf10d12a959f6d07f95371f7c56d757eb6b29da055c0175968

          Download Submit

        • memory/748-133-0x00000000020D0000-0x00000000020D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/748-135-0x0000000002100000-0x0000000002106000-memory.dmp

          Filesize

          24KB

          Download

        • memory/748-134-0x00000000020D0000-0x00000000020D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4300-150-0x00000000005E0000-0x00000000005E6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4300-151-0x00000000004E0000-0x00000000004E6000-memory.dmp

          Filesize

          24KB

          Download