Analysis

  • max time kernel
    140s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24-11-2023 14:05

General

  • Target

    xpKemuNsr6Zc.exe

  • Size

    483KB

  • MD5

    2fb8c581cf0bb31a95221b308d654e06

  • SHA1

    7415c98c6355db123a7960bc0435a01228df5766

  • SHA256

    5883f823c20dba07b8340163a93128f2b056805c441ad7a7162d139e82c503b6

  • SHA512

    f237b15b43779c0d2a74dff96b8f5df9b6e6577bfdc3a9c2dfd5a2d6829fdffa2ad5f16ecd63afc39255ec5ba09ef6c087cb3b7c7764d5ae0697d20e04f3d67f

  • SSDEEP

    6144:+/7iPrcL3ArwhBq7Kjsn9iHGXg0lwGS9MNNhdFvPxps9gsAOZZuAXec7z7ov:+/uPq3AfK496Gw0lwGXN3pvs/ZuW8v

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself (1 IoC)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (1 IoC)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\xpKemuNsr6Zc.exe (depth 1)
    "C:\Users\Admin\AppData\Local\Temp\xpKemuNsr6Zc.exe"
    PID: 4392
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\WScript.exe (depth 2, child of PID 4392)
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\rjgicfbkkf.vbs"
      PID: 4720
      • Deletes itself

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\rjgicfbkkf.vbs

    Filesize

    520B

    MD5

    5101f8ee94d23ad2cb187f7cf2a22fff

    SHA1

    419f36bafa97df0a65d0fdb9a0c9c2daad5ec9f1

    SHA256

    cc731485edd7f8dca91873b9bdb6f19bac9f1d5ba3b3fc3ed1e499ae6dc6a622

    SHA512

    97b6ac6bb8d578d9b9d3254601f96829ae6e0f8f0ac852ecb26a5f7d747122fff215609733a78eb07c68546bbfa16d732eb77c64a534090ad2b109eec8d495eb