Overview

overview

7

Static

static

1

Avenge.ac.client.exe

windows7-x64

1

Avenge.ac.client.exe

windows10-2004-x64

7

Resubmissions

19/11/2023, 06:05

231119-gs97ysha44 7

19/11/2023, 05:39

231119-gcjp3ahh2w 7

Analysis

  • max time kernel
    27s
  • max time network
    33s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/11/2023, 06:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Avenge.ac.client.exe

  • Size

    9.8MB

  • MD5

    b814b02b559364976d2087c4b42dec3d

  • SHA1

    f9bf8e6b10c21b11bfc1688e17f93f5ed22ab4da

  • SHA256

    a5f71a0f0673b86c36bee75aeba8bc790c7a1b922ebb2e45c90736e9a7051306

  • SHA512

    e760dc68a01a364b9da7c0a0504736de7b47cf0057fe8c7700601d575ca5100f137c376910310520a078bd7369f50cb8e3d2d487e47664d6f880127dbce5f7e1

  • SSDEEP

    196608:Pox/SmDbV7FPFZjNOS+meyze4sw/aEDS/yTrEcr0yJhmaW0Ivo/kRSu4oGtYg+c:PoxhDJ7xLNOS9ey3nD6mr0UhFWXo/Mmv

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Avenge.ac.client.exe
    "C:\Users\Admin\AppData\Local\Temp\Avenge.ac.client.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1216
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C echo Avenge (error)& echo. & echo failed loading module: D3DX9_43.dll & pause
      2⤵
        PID:3840

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1216-0-0x00007FF9FB510000-0x00007FF9FB512000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1216-2-0x0000000140000000-0x000000014158F000-memory.dmp

      Filesize

      21.6MB

      Download

    • memory/1216-1-0x0000000140000000-0x000000014158F000-memory.dmp

      Filesize

      21.6MB

      Download

    • memory/1216-6-0x0000000140000000-0x000000014158F000-memory.dmp

      Filesize

      21.6MB

      Download

    • memory/1216-7-0x0000000140000000-0x000000014158F000-memory.dmp

      Filesize

      21.6MB

      Download