Overview

overview

7

Static

static

3

15d18c82ef...13.exe

windows7-x64

3

15d18c82ef...13.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-12-2023 10:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    15d18c82ef768e0adcee1b00663d3213.exe

  • Size

    126KB

  • MD5

    15d18c82ef768e0adcee1b00663d3213

  • SHA1

    88e8e7f50ef32f3b96f291ce00858fe7c89c5c28

  • SHA256

    7b9fb21bd78d83bf55da96aee41b437f8ae8e6b093eb113c1b1331b2c205d544

  • SHA512

    0b8cbe2809cbc7c9bc4b19c30ec98400e9338340c8b3a85a02ff3a3a2b21981f43380d90e916cc1bb34476c619048697166bb0444e084d1e9beae251acee458c

  • SSDEEP

    768:aQLOUpA2Hgf+v3wBFrDcnKFyca5UBkuJslzxAIZ8IoQCU+j69Ci/bKQ2MC7mOJoH:aPmggwBNl8yku2ljM0jeQ2MK

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\15d18c82ef768e0adcee1b00663d3213.exe
    "C:\Users\Admin\AppData\Local\Temp\15d18c82ef768e0adcee1b00663d3213.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4784
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Wvf..bat" > nul 2> nul
      2⤵
        PID:4628

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Wvf..bat
      Filesize

      210B

      MD5

      e8c2c7db29c92099345ee278a54f9526

      SHA1

      e290855426ed0df949b2e7d875dd496c947ec4dd

      SHA256

      6e957e059b424188fcdb3dbcd0f13d9cffbac4a934f1ea45f175b4bef451ad4c

      SHA512

      11c8e45095e70c2a7896da85ddf64b1a1a27cf0859badad94f213e4252ec63aec60242e4091202e1d428971ff52d7edc11c980c77a5c14856d33b6c4fb3fdf7b

      Download Submit

    • memory/4784-0-0x0000000000400000-0x0000000000469000-memory.dmp

      Filesize

      420KB

      Download

    • memory/4784-2-0x0000000000400000-0x0000000000469000-memory.dmp

      Filesize

      420KB

      Download