Overview

overview

7

Static

static

3

1f24e56bf5...f2.exe

windows7-x64

7

1f24e56bf5...f2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-11-2023 23:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1f24e56bf5be1928bf36e397604098d1a8649f8ecc731f4fe3f7c56e9aecf9f2.exe

  • Size

    508KB

  • MD5

    05bbdace6e91be582fd85146c90c8008

  • SHA1

    909625e968ffc5ac104cc5ac3d69c9f14e8fa75d

  • SHA256

    1f24e56bf5be1928bf36e397604098d1a8649f8ecc731f4fe3f7c56e9aecf9f2

  • SHA512

    565f205f1ae9cd044bf1823d9d545f32e4b1cd8b9f87740aab80c79d78b24171092abaefa288ba9955e736408198eb02763cc719062c385967b87f34f46ab180

  • SSDEEP

    6144:OW0J07EHxsWKKCbrZXDbI33z5P/kjguInr39tAOLPvI1ILz:V4CWKKCrZTGF/k8uMxtxPvvz

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f24e56bf5be1928bf36e397604098d1a8649f8ecc731f4fe3f7c56e9aecf9f2.exe
    "C:\Users\Admin\AppData\Local\Temp\1f24e56bf5be1928bf36e397604098d1a8649f8ecc731f4fe3f7c56e9aecf9f2.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\1f24e56bf5be1928bf36e397604098d1a8649f8ecc731f4fe3f7c56e9aecf9f2.exe"
      2⤵
        PID:3056

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\tkjsidfsd
      Filesize

      48B

      MD5

      f1766b32d31b38fb0a84bb554a3989c2

      SHA1

      6d5bb0bd713ba2b53dd9b8b1c81474663df19711

      SHA256

      0f3ad8d54f055f373c818609ec84f4fddc9c89e222c3d8e1f63c3ca54b2f2ada

      SHA512

      1b73488d6f6a7dd91512e443403b231f98b429bc765dcf1b2aba601473ff4fa0f464ba1f87737c8330693976d55836b8ca07b7296a702a16791437861a4d12da

      Download Submit

    • C:\Windows\tkjsidfsd
      Filesize

      48B

      MD5

      f1766b32d31b38fb0a84bb554a3989c2

      SHA1

      6d5bb0bd713ba2b53dd9b8b1c81474663df19711

      SHA256

      0f3ad8d54f055f373c818609ec84f4fddc9c89e222c3d8e1f63c3ca54b2f2ada

      SHA512

      1b73488d6f6a7dd91512e443403b231f98b429bc765dcf1b2aba601473ff4fa0f464ba1f87737c8330693976d55836b8ca07b7296a702a16791437861a4d12da

      Download Submit

    • C:\Windows\tkjsidfsd
      Filesize

      121B

      MD5

      242eed75da3edd62585b0f33fe769608

      SHA1

      19d8ffa02d2a99cb20b947b0fdcd9ec6f5dee0f0

      SHA256

      afc3f8c374e4fde801d8a73f82c93b2ea80843a253b281951e5a58812d91c4c5

      SHA512

      bd69b2bb56a28992ee8c6995cd9f02870e30b0cdb515f9e40053389b78e47d6b8a4c87bdfa2d37da834de03e0d30527a59d69052cd3e77ee4885f11ea66c2295

      Download Submit

    • C:\Windows\tkjsidfsd
      Filesize

      121B

      MD5

      242eed75da3edd62585b0f33fe769608

      SHA1

      19d8ffa02d2a99cb20b947b0fdcd9ec6f5dee0f0

      SHA256

      afc3f8c374e4fde801d8a73f82c93b2ea80843a253b281951e5a58812d91c4c5

      SHA512

      bd69b2bb56a28992ee8c6995cd9f02870e30b0cdb515f9e40053389b78e47d6b8a4c87bdfa2d37da834de03e0d30527a59d69052cd3e77ee4885f11ea66c2295

      Download Submit