Overview

overview

7

Static

static

3

0d93c388ee...24.exe

windows7-x64

7

0d93c388ee...24.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/12/2023, 10:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0d93c388eee6b2d7ab896cb812f69d24.exe

  • Size

    208KB

  • MD5

    0d93c388eee6b2d7ab896cb812f69d24

  • SHA1

    f1544b497ebaefd07ae48aa57b590979354fa429

  • SHA256

    a7d2c661e30b77e9e78fd52baa8ee37e73846ef94dba02950fc21f594d5b575a

  • SHA512

    1e850584fa31a921e13d385532febff941505fcc37c82dec9dfb921fc53fa3ade6ec62119bdcc1298634cb56480f882e41de7af0f9ac5784c4fa0f7a3a830609

  • SSDEEP

    3072:JO+bY++73VQdqPg7WqD+NhGJZstCVH9xGSp+BPq19XAHtUcmzQ:MWWzcJZs0d91WPquUcms

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d93c388eee6b2d7ab896cb812f69d24.exe
    "C:\Users\Admin\AppData\Local\Temp\0d93c388eee6b2d7ab896cb812f69d24.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3964
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C schtasks /create /sc minute /mo 1 /tn "IEMontior" /tr "C:\Users\Admin\AppData\Local\IEMontior.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3724
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks /create /sc minute /mo 1 /tn "IEMontior" /tr "C:\Users\Admin\AppData\Local\IEMontior.exe"
        3⤵
        • Creates scheduled task(s)
        PID:2092
  • C:\Users\Admin\AppData\Local\IEMontior.exe
    C:\Users\Admin\AppData\Local\IEMontior.exe
    1⤵
    • Executes dropped EXE
    PID:5036

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\IEMontior.exe
    Filesize

    208KB

    MD5

    d3498271b5959e19d11edf9c7db2428d

    SHA1

    dc7c717c419c0ffddc896c018705ef7ed0c978c5

    SHA256

    164421f4dbdcc679ccf6e8d7ba2a19abfcf4aea7bc885b7e5ae2ac1b83b2a870

    SHA512

    8dfc9ee7f8a2c128ff77460c2654786c2111555113f94834a63d28e978388ead1bad7bedfb8ffd01d4abe60ac8722c3afeda7c492c010cb919f63e5785adb03b

    Download Submit

  • memory/3964-8-0x0000000075200000-0x00000000757B1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3964-2-0x0000000075200000-0x00000000757B1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3964-3-0x0000000075200000-0x00000000757B1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3964-4-0x0000000075200000-0x00000000757B1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3964-5-0x0000000000B80000-0x0000000000B90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3964-0-0x0000000075200000-0x00000000757B1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3964-1-0x0000000000B80000-0x0000000000B90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5036-11-0x0000000075200000-0x00000000757B1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/5036-12-0x0000000000F00000-0x0000000000F10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5036-13-0x0000000075200000-0x00000000757B1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/5036-14-0x0000000000F00000-0x0000000000F10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5036-15-0x0000000075200000-0x00000000757B1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/5036-16-0x0000000000F00000-0x0000000000F10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5036-17-0x0000000000F00000-0x0000000000F10000-memory.dmp

    Filesize

    64KB

    Download