Overview

overview

7

Static

static

7

df691dde59...10.exe

windows7-x64

7

df691dde59...10.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 15:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    df691dde59291e5ee46526b807d13910.exe

  • Size

    1.4MB

  • MD5

    df691dde59291e5ee46526b807d13910

  • SHA1

    7393ec37f034e167de0008d4e5ed4db06827770f

  • SHA256

    76ca85b6f3b8188dd30fcb2e1e8c2db278c4d9b5c739a742b94378684ece3ed4

  • SHA512

    0feb52a07680fcdd1e69ccb002dea56da5a41c9d1a29beadc1fc402fef26c7f606cd96893508c9f4390d5ec71dbd840f0ce282eba9a16fc9e1401c8fa34b9e00

  • SSDEEP

    24576:lYTTGaM6TB9J3OkULQzJnomiOf4PkWuSi/yPef0pfWwIMprcGzg2qqp6xGr8Dyxe:FATB/3q+oTOf4NEoh3pJF8exe

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\df691dde59291e5ee46526b807d13910.exe
    "C:\Users\Admin\AppData\Local\Temp\df691dde59291e5ee46526b807d13910.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1424
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\RUNFIRST.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:380
      • C:\Windows\SysWOW64\mode.com
        mode con: lines=60
        3⤵
          PID:4732

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\RUNFIRST.bat
      Filesize

      14KB

      MD5

      a4d07b37bc7f6e121c0110d848ab65c6

      SHA1

      deb92144dda5f73b85e1b8dfa5d0eb076e952d03

      SHA256

      0d2feb7e7ffd55f0cd2fe21e18865658d44696ce23b820aa3606d8c45242b13b

      SHA512

      c6c685905e840b05c1940072676e0a533493de185c6bda22ea2a825f392b39f0452a88b1c46fcd9417882a19515b5dd502c4b71ac82b5259147a36b7226967ae

      Download Submit

    • memory/1424-0-0x0000000000400000-0x000000000041F000-memory.dmp

      Filesize

      124KB

      Download

    • memory/1424-160-0x0000000000400000-0x000000000041F000-memory.dmp

      Filesize

      124KB

      Download