Overview

overview

7

Static

static

3

d7f129c971...32.exe

windows7-x64

7

d7f129c971...32.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/10/2023, 19:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d7f129c971aa8a6e2318448bef4ba2c0_exe32.exe

  • Size

    45KB

  • MD5

    d7f129c971aa8a6e2318448bef4ba2c0

  • SHA1

    c1b0c5a7a836dc7b15cbca8c0845d67bca539054

  • SHA256

    dc6c74fd7dc4cc61500b47002e79beab4430cbf85d2225f8f58975a0ba1f3a2e

  • SHA512

    1fe71e3a1b42a0e36efa8ecdecce49efa2d08dfbb32c85c750bcb125a39096099ed74a760505ee13910e26f7081abf148522ec6bfae40ab1db2d184cc97a1c33

  • SSDEEP

    768:zTAiYUVaQDKVRRZgqq6UFFAKcls0ceVA18:HAqamKVO6s0hVA18

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d7f129c971aa8a6e2318448bef4ba2c0_exe32.exe
    "C:\Users\Admin\AppData\Local\Temp\d7f129c971aa8a6e2318448bef4ba2c0_exe32.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:440
    • C:\Users\Admin\AppData\Local\Temp\fcbnaf.exe
      "C:\Users\Admin\AppData\Local\Temp\fcbnaf.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:2816

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\fcbnaf.exe
    Filesize

    45KB

    MD5

    2088d1b12293fa4c174061f08d6c0b83

    SHA1

    d4e0762ee16ecaf1c3394eb15a18aea72e85226c

    SHA256

    184c65ea47b518be62f9abe7d9bffeb354ac06bfde108dc356ef272c6d2b3de5

    SHA512

    f0caf8e2dd10426a58ef56ae014b5fea087e905f7b48818fa9bc5210dc98e0e781bdae20b13fed905621488bacb85bd4c5818571eb017aab523826969a5995ed

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\fcbnaf.exe
    Filesize

    45KB

    MD5

    2088d1b12293fa4c174061f08d6c0b83

    SHA1

    d4e0762ee16ecaf1c3394eb15a18aea72e85226c

    SHA256

    184c65ea47b518be62f9abe7d9bffeb354ac06bfde108dc356ef272c6d2b3de5

    SHA512

    f0caf8e2dd10426a58ef56ae014b5fea087e905f7b48818fa9bc5210dc98e0e781bdae20b13fed905621488bacb85bd4c5818571eb017aab523826969a5995ed

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\fcbnaf.exe
    Filesize

    45KB

    MD5

    2088d1b12293fa4c174061f08d6c0b83

    SHA1

    d4e0762ee16ecaf1c3394eb15a18aea72e85226c

    SHA256

    184c65ea47b518be62f9abe7d9bffeb354ac06bfde108dc356ef272c6d2b3de5

    SHA512

    f0caf8e2dd10426a58ef56ae014b5fea087e905f7b48818fa9bc5210dc98e0e781bdae20b13fed905621488bacb85bd4c5818571eb017aab523826969a5995ed

    Download Submit

  • memory/440-0-0x00000000007E0000-0x00000000007E5000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2816-9-0x00000000003B0000-0x00000000003B5000-memory.dmp

    Filesize

    20KB

    Download