Overview

overview

7

Static

static

3

1a0ee408ea...39.exe

windows7-x64

7

1a0ee408ea...39.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2023, 23:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1a0ee408ea1d96cac957e8ad2e8cdc39.exe

  • Size

    416KB

  • MD5

    1a0ee408ea1d96cac957e8ad2e8cdc39

  • SHA1

    0318475908957f86990ad49479c885d8ee2bb5e5

  • SHA256

    b98031bc2c8c02c38228b6304d2fbdd3ec1e2c60168527d3d95b7e82abfc991c

  • SHA512

    75d54970344da32ed53da39f96f6a820d9a9919f4d6a284a064e4425769356b20a754c597f5bc00ab3a98fd939e44be69c3ce1b1da78fad9c1b58f0643060704

  • SSDEEP

    12288:gutrzh9xOXkggyeXFI7PfOnjPKIkmC70bks2:gutr5OUggyVrfOjSd7kX2

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a0ee408ea1d96cac957e8ad2e8cdc39.exe
    "C:\Users\Admin\AppData\Local\Temp\1a0ee408ea1d96cac957e8ad2e8cdc39.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Users\Admin\AppData\Local\Temp\Plugin de Seguranca.exe
      "C:\Users\Admin\AppData\Local\Temp\Plugin de Seguranca.exe"
      2⤵
      • Executes dropped EXE
      PID:5068

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\Plugin de Seguranca.exe
          Filesize

          236KB

          MD5

          1913b70825b2f88d4f95e25dd379fdbb

          SHA1

          d2075f25bab2d22cc68fbdd200b03fef1f5b8c95

          SHA256

          42e94c706c63dcf44f6b67a7719336a7e8f8c0d554294ff6fe76006208424cc1

          SHA512

          3f19b70ecdc5640dd5bfa2a0c8c9a2153305ee49deb7971693ced766b2e87243a616cb102cc9186205dbd18f4202d522d70b050f5873ec6192cf0281bfa5fcef

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Plugin de Seguranca.exe
          Filesize

          163KB

          MD5

          6fc2f6e1e1f27f243bcb2da7f323f3f5

          SHA1

          122cb3caeb5d132b12925f6cb7edb4df0a1b0a79

          SHA256

          0869fa13371f143b5f8dd3e31ad64e7066a865723f175d4d7915d861b7ef768c

          SHA512

          13ca0ae1a618e1c0fdfc8a8adc8cc6a3168a23d1b36595740e87da288873d6ef877994611620c20d09f69d264aed75095a129a81fabaefac5113c69ac2239f96

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Plugin de Seguranca.exe
          Filesize

          104KB

          MD5

          b75eff05631eea874518eb415b724c2c

          SHA1

          87ca732f26ea26f3c7d53e0d17bc537fa7e0d42b

          SHA256

          7bfbeb644b0f0fb4244d4cc1076fa9a80f2b32a5dfb65822d6adc12e6510d57c

          SHA512

          074b8e0cb5c9fb3c01e60bf8542b2283355f6dbb31197ad2847a178cc01f36b4e355d71f2643b089fac01f156ecfa09bc9f30ee502054d4a45c22e23e4ba750c

          Download Submit

        • memory/5068-9-0x0000000000A70000-0x0000000000A71000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5068-10-0x0000000000400000-0x0000000000678000-memory.dmp

          Filesize

          2.5MB

          Download

        • memory/5068-11-0x0000000000400000-0x0000000000678000-memory.dmp

          Filesize

          2.5MB

          Download

        • memory/5068-12-0x0000000000A70000-0x0000000000A71000-memory.dmp

          Filesize

          4KB

          Download