Overview

overview

7

Static

static

7

fc70898a45...JC.exe

windows7-x64

7

fc70898a45...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2023, 17:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fc70898a45b476exe_JC.exe

  • Size

    64KB

  • MD5

    fc70898a45b476b98221af9bc53341da

  • SHA1

    9bf366b2e35539ca62a84f9c2d875c3c3bd23152

  • SHA256

    57bdd16b554136396d2ee47fe75718cfb01363c5b67fadff9722271151bfeef0

  • SHA512

    9ac5703f3f2785766d0a5def49f7324620825ecb080b0b41a2cbc060e9e192234345d0e7cc6dc99f060fd6fbf382335c693d2a0ce647a56236f8e76f60cd3bbf

  • SSDEEP

    1536:z6QFElP6n+gKmddpMOtEvwDpj9aYaFAh5y:z6a+CdOOtEvwDpjQh

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fc70898a45b476exe_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\fc70898a45b476exe_JC.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4892
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:4816

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    64KB

    MD5

    58e9fb667c44d7d55d9c9bce6cd57557

    SHA1

    961350a81ae4ddd72deae7c4241e3e13757125c4

    SHA256

    ae9317d4389b9c755b40fc1995559de85dfac97b4f08600bfa9d97ad994c71a6

    SHA512

    f916b3ad6b86307e23acca92b5d4dc4395a20b2ec153b037692819f7cfc479321caf9289824b2c04b538f646faca216acb873deb89f0a6b18c4e1953afdfd483

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    64KB

    MD5

    58e9fb667c44d7d55d9c9bce6cd57557

    SHA1

    961350a81ae4ddd72deae7c4241e3e13757125c4

    SHA256

    ae9317d4389b9c755b40fc1995559de85dfac97b4f08600bfa9d97ad994c71a6

    SHA512

    f916b3ad6b86307e23acca92b5d4dc4395a20b2ec153b037692819f7cfc479321caf9289824b2c04b538f646faca216acb873deb89f0a6b18c4e1953afdfd483

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    64KB

    MD5

    58e9fb667c44d7d55d9c9bce6cd57557

    SHA1

    961350a81ae4ddd72deae7c4241e3e13757125c4

    SHA256

    ae9317d4389b9c755b40fc1995559de85dfac97b4f08600bfa9d97ad994c71a6

    SHA512

    f916b3ad6b86307e23acca92b5d4dc4395a20b2ec153b037692819f7cfc479321caf9289824b2c04b538f646faca216acb873deb89f0a6b18c4e1953afdfd483

    Download Submit

  • memory/4816-152-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4816-153-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4816-159-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4892-133-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4892-134-0x00000000020E0000-0x00000000020E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4892-135-0x00000000020E0000-0x00000000020E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4892-136-0x0000000002110000-0x0000000002116000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4892-150-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download