Overview

overview

7

Static

static

3

eec4ef8447...e6.exe

windows7-x64

7

eec4ef8447...e6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-10-2023 00:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eec4ef84471a1fe215db037a40134e30d25024c009a5bedd0b34bee5bf35b4e6.exe

  • Size

    198KB

  • MD5

    4623df5f42f1c17788f80a4928cb8440

  • SHA1

    c59dd6cd1a21464de38142b8b13b1fac393461a7

  • SHA256

    eec4ef84471a1fe215db037a40134e30d25024c009a5bedd0b34bee5bf35b4e6

  • SHA512

    00e90d6e221d1eaeba15728cec62d4effcbdb0b9052294429f88f936c6c40ebf1ef7164c48a345c56885a57e7f7057073636bda2f9b7b1bd3bfbefe6ea40929c

  • SSDEEP

    6144:rBs27MMLyX5HXXXDTXXXOGqIII+pXXX5AYjKXXXDoXXXG6XXXxXXXLIIIEAkOCOl:rK20HXXX/XXXFqIIIcXXX5j2XXXcXXXE

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eec4ef84471a1fe215db037a40134e30d25024c009a5bedd0b34bee5bf35b4e6.exe
    "C:\Users\Admin\AppData\Local\Temp\eec4ef84471a1fe215db037a40134e30d25024c009a5bedd0b34bee5bf35b4e6.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3368
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\EEC4EF~1.EXE > nul
      2⤵
        PID:2652
    • C:\Windows\Debug\tuehost.exe
      C:\Windows\Debug\tuehost.exe
      1⤵
      • Executes dropped EXE
      • Checks processor information in registry
      PID:4732

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\Debug\tuehost.exe
      Filesize

      198KB

      MD5

      1ac7a0a8ce1e0d651400e72ae204f213

      SHA1

      b09cf2318bd5bd6f202968e4ae99282339405a53

      SHA256

      e0e0acfdb5864fa7c44f89e0109087f33757c852ad009e9fdfa62c49aa37d030

      SHA512

      c61b01460207869d3c4cc9fb524427c9f8fa340f03db6fcb8d8e384fbf7b8bdb509ce0f6c0eae31853f686d2c441dd456b390918ab8ec75f4f940e433ed095a8

      Download Submit

    • C:\Windows\debug\tuehost.exe
      Filesize

      198KB

      MD5

      1ac7a0a8ce1e0d651400e72ae204f213

      SHA1

      b09cf2318bd5bd6f202968e4ae99282339405a53

      SHA256

      e0e0acfdb5864fa7c44f89e0109087f33757c852ad009e9fdfa62c49aa37d030

      SHA512

      c61b01460207869d3c4cc9fb524427c9f8fa340f03db6fcb8d8e384fbf7b8bdb509ce0f6c0eae31853f686d2c441dd456b390918ab8ec75f4f940e433ed095a8

      Download Submit