Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/12/2023, 11:06

General

  • Target

    1009ea531d3d797473a9dc83253ccbae.exe

  • Size

    14KB

  • MD5

    1009ea531d3d797473a9dc83253ccbae

  • SHA1

    9a71c4e1ee8985e31daf199c0949ea5f04029e72

  • SHA256

    ef0c9f16b25112683141dfb647fe35ff5889a432070769fb0ec9893f20828180

  • SHA512

    60e651930504f3d3fec18ce1f89a105a02bce3785e4fd6cdc923e4d06916bd298bcaa24198e0d73e535819354fa90d6754aa4e1ebcd4d6d6c53a673040a2ba29

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4Yh4cU:hDXWipuE+K3/SSHgx8

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1009ea531d3d797473a9dc83253ccbae.exe
    "C:\Users\Admin\AppData\Local\Temp\1009ea531d3d797473a9dc83253ccbae.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3352
    • C:\Users\Admin\AppData\Local\Temp\DEM3BC1.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM3BC1.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:4508
      • C:\Users\Admin\AppData\Local\Temp\DEM926C.exe
        "C:\Users\Admin\AppData\Local\Temp\DEM926C.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:572
        • C:\Users\Admin\AppData\Local\Temp\DEME8BA.exe
          "C:\Users\Admin\AppData\Local\Temp\DEME8BA.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:3204
          • C:\Users\Admin\AppData\Local\Temp\DEM3EE8.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM3EE8.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:564
            • C:\Users\Admin\AppData\Local\Temp\DEM94E8.exe
              "C:\Users\Admin\AppData\Local\Temp\DEM94E8.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Suspicious use of WriteProcessMemory
              PID:2212
              • C:\Users\Admin\AppData\Local\Temp\DEMEB17.exe
                "C:\Users\Admin\AppData\Local\Temp\DEMEB17.exe"
                7⤵
                • Executes dropped EXE
                PID:2288

Network

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\DEM3BC1.exe

          Filesize

          14KB

          MD5

          fd20ad801fe7da043c8d7631d38d78d3

          SHA1

          3627ea59e7b546a63647ef7cabad9ac73db7c927

          SHA256

          4f513dc3a37bbcdcbbf005f4d82019128483fc1aa6184366d61d3f233baedbc6

          SHA512

          5eb65d23004787acd8c2878ef8bc3a7a47273eeafe061c7e8ba09ac5d77ab0658fdaf9b55d02e47632acb58b9d73be2566da6925a420e4d48f2cb2ec08cf3d92

        • C:\Users\Admin\AppData\Local\Temp\DEM3EE8.exe

          Filesize

          14KB

          MD5

          1bc1178a135713e5b984aeb6bedd86a6

          SHA1

          5dc7710e6266e2d34cdfb3114b2e22cb37e78a25

          SHA256

          1a4700c6c944bd8ef00aa81dd1fed2ff9c8be3ee814410ebf3f2e2c29e1fd882

          SHA512

          d191e3cf757d5220e4b68b2c7dd467949aaa94c77bd6a6918f4882a83eeda21c6842a5728347c9064c476287cddd730d929741c98998ffe4ef2e560c1cd74a71

        • C:\Users\Admin\AppData\Local\Temp\DEM926C.exe

          Filesize

          14KB

          MD5

          55199ad973629b3c823d077ae11aee10

          SHA1

          cfa082bbf6e4e200cc8d1969df2425d0e4c34e7d

          SHA256

          9ec34d12275c1268008995b3c145d38e74f91654ce21ad577f38db4df9a55fc2

          SHA512

          77e221e2a2a61b108159b1779f55d566f88d85d7e69322397a867b42351ba18837ca7aaff45a7e6865e3b751d7e008800a408fd02dd536443dfef4510d35335e

        • C:\Users\Admin\AppData\Local\Temp\DEM94E8.exe

          Filesize

          14KB

          MD5

          c2f008b1fb56378818f57e4eb413dd8f

          SHA1

          873ab071e1fca9cc7059bfc2796041b6b6a47657

          SHA256

          7bdddaf25ad71caae372baf5a991c6dc438e30b9cdd0119d667a247c15982023

          SHA512

          bfc97f1e6e467ee6dc45946c1cf72ecbdbd6068d4c1c809382ea651d4acd0bc98aeadf96f83ad73c3f067ef41e9cb9d0f80ab2a6c9153b6e7c71ca767c2a7432

        • C:\Users\Admin\AppData\Local\Temp\DEME8BA.exe

          Filesize

          14KB

          MD5

          ca181d0e7bf6aa4bb5b3296e9470fc21

          SHA1

          8ecc0405ffc0e114603840d7a842b670ddfb3966

          SHA256

          79864d0dff25da3fcd723606a6cb499c9db096e8a9dad6986ca2b482f3331652

          SHA512

          0d8b7674b14e8afe5b6b7f340d5519e645c151be047c71492d9bff1b6c0dd55ab130f0fa1181c2d1d6640652cac3e1db3a0cf3e57369fba68c22da165465ebad

        • C:\Users\Admin\AppData\Local\Temp\DEMEB17.exe

          Filesize

          14KB

          MD5

          f8c6cc5f341c7a8d33e82937b3a1e243

          SHA1

          2b5b050a5176ba3e8a8254c5d231bbdb56605d4d

          SHA256

          f4b3f813b4a57decd044274613b3da69c400a506302774e701fdead02f5ff0d6

          SHA512

          33a189d101b8c77a32eb137b93bc79c1f079ab2b73db1a410022dcacd0fd4f9f2834f1d493bd877ea486c70866e3d4c42e8a28d7fed14f40a09204f33ab3dc19