Analysis

  • max time kernel
    142s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-12-2023 03:21

General

  • Target

    5a2f5a208154d70ae95a1d93c12773a1.exe

  • Size

    22KB

  • MD5

    5a2f5a208154d70ae95a1d93c12773a1

  • SHA1

    7b1b5f41401f1eef78cd16ff148f6c5f74f17fee

  • SHA256

    22dada54a2964a95eac68bd706d023849e0c8e9f35bf9b557b4db4e47903faac

  • SHA512

    8033e27b6ecbf13c36120350679df9f5b42f1095ef7157a9d7563bb70be08d35a88a860597f8c937ebd291e4e8793aa0f7482eb4af2ac49abe3dad956de3041c

  • SSDEEP

    384:7VG/EvX8tHEnD+rPkChwWtUIyipVyb8NKe:7I4DD+LzrnVmZe

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 2 IoCs)

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a2f5a208154d70ae95a1d93c12773a1.exe
    "C:\Users\Admin\AppData\Local\Temp\5a2f5a208154d70ae95a1d93c12773a1.exe"
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1412
    • C:\Users\Admin\AppData\Local\Temp\fahik.exe
      "C:\Users\Admin\AppData\Local\Temp\fahik.exe"
      • Checks computer location settings
      • Executes dropped EXE
      PID:3812

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\fahik.exe

    Filesize

    22KB

    MD5

    d9fb20e1175badfd3d7093d17a9ff4f2

    SHA1

    f9cd9a6cf5fe750610e03ec622fc5cb420708cbc

    SHA256

    fb369d2fa7d44c8db0292eab1bde72d4bfda2c5493505399d0176b84474a6421

    SHA512

    15965781ae6bed2beb43c6dd335dec545897c3b845cfa52b8943a9a0f9f3ecf435e2c8543f1a83b7fea304193f935f07c8e6346bc42acd4c600ea8cccb590b28

  • C:\Users\Admin\AppData\Local\Temp\temp23.exe

    Filesize

    70KB

    MD5

    1c78cf4cb43f108e667aa4cc1efefb8d

    SHA1

    6ae5f94fc7482ed6139312fc9799d57bc8f48817

    SHA256

    6a1f3879a4385ec2dd8d83e57baab9893bf8b8b976c2739e8699cd818d6c7b8f

    SHA512

    85386abb2333c8921f558cfdc8c8ddea7da4f40637441ac24e0a28a9bd4e2a3fdb6a0212ea0161f7578928ddaf1175c6f7ceaf5439eb152448d4b37926e00318

  • memory/1412-0-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

  • memory/3812-9-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB