Overview

overview

7

Static

static

3

5b39b99d88...e2.exe

windows7-x64

6

5b39b99d88...e2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    159s
  • max time network
    171s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 03:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b39b99d88d737d2f841234eecb36de2.exe

  • Size

    207KB

  • MD5

    5b39b99d88d737d2f841234eecb36de2

  • SHA1

    f40cbdaacc5f6e54d893fbd049c70bdd0d1115d8

  • SHA256

    d4d43d221626db3343cbd2a78a6be9cf19659bd7c0269d660a9636419963b6ec

  • SHA512

    79a4cca205db7f5b83e028951d0c7dbdf5688fa6cea7fcad4d2adc50fe96f70144e5b677df8aabefc2ed1ac237de350bf79fbe8f812851c8f760b7058f8efdfc

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/e8rGpjBFy11ot:o68i3odBiTl2+TCU/RsHk8F

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b39b99d88d737d2f841234eecb36de2.exe
    "C:\Users\Admin\AppData\Local\Temp\5b39b99d88d737d2f841234eecb36de2.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4932
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\bugMAKER.bat
      2⤵
      • Checks computer location settings
      • Suspicious use of SetWindowsHookEx
      PID:380

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\bugMAKER.bat
    Filesize

    76B

    MD5

    44d3985106ca5cf50f52a91bf24624dd

    SHA1

    9ac0f394d929e227b41504bd63189c4e3be8c336

    SHA256

    5cf9b947e98d92107d8661acb39e1d99171542da98a065725e83ea352c0cddad

    SHA512

    6fde96a1de9aa7fde5577fa844bfc0b6178d332600d949a0307a36d7e1c8805c40df96b628ac11a13c4f371d0a25e41955fa1c36a98c3ff13bc89a9884cede50

    Download Submit

  • memory/4932-24-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

    Download