Analysis

  • max time kernel
    143s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-09-2023 14:36

General

  • Target

    DEH3.exe

  • Size

    632KB

  • MD5

    4f6a430e35087709258a9462599d0475

  • SHA1

    0479dee1db01b19c40a0b6c49120db860f3c91dd

  • SHA256

    366bcdf81ea6b2d9f7bc7483b93304e80212aa860e2a0762c69f2718ddff657d

  • SHA512

    97df801828e8fc6a9766ce72fab5e881aaa3d41bb0e477a413c1ecea4a9b2f6147b42f75317596bc509f410dc1a9e403beb1b7c1d7b91e96a20a65a3197a752f

  • SSDEEP

    12288:UCS1jU+Hdsy7Mf2y0EBfvXNnz7Qj0WIT71e6d:U5U+HdsAMuGBnN5WIT7M6d

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DEH3.exe
    "C:\Users\Admin\AppData\Local\Temp\DEH3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3936
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c embedded.exe
      2⤵
      • Checks computer location settings
      • Suspicious use of SetWindowsHookEx
      PID:4204

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3936-0-0x00007FF7FD120000-0x00007FF7FD1A4000-memory.dmp

    Filesize

    528KB