Overview

overview

7

Static

static

3

3306931c3b...0e.exe

windows7-x64

1

3306931c3b...0e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-12-2023 18:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3306931c3bf63e700b9a68b17c38f40e.exe

  • Size

    359KB

  • MD5

    3306931c3bf63e700b9a68b17c38f40e

  • SHA1

    4f07afb0cf2841ac70b8382597b8872bff946a16

  • SHA256

    11b1ef860b6f96fda645505b901a00f34f3beb0e2d19ced42c05c819145e270c

  • SHA512

    8f1397a8a475d8026759ccaeddc8f070bb14a1bd807d9b3920be8486dc5fdeef518a066cf933bcf8c2629c4179bb6a8ac9e419fe0205533069aaa425f6415bd9

  • SSDEEP

    6144:GsJ/ztsM7fMcLxmH2moRexPxxe+ybgslUZhcgR5AMXMGKB+TK:LFbMc1mH2NQVu+yt6ZhcgR57Xs82

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3306931c3bf63e700b9a68b17c38f40e.exe
    "C:\Users\Admin\AppData\Local\Temp\3306931c3bf63e700b9a68b17c38f40e.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3760
    • C:\Windows\SysWOW64\mshta.exe
      "C:\Windows\System32\mshta.exe" c:\6ea302b7-cfc1-4a27-8da0-fb0a15e81336\start.hta
      2⤵
        PID:2168

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\6ea302b7-cfc1-4a27-8da0-fb0a15e81336\InstallerHelper.dll
      Filesize

      73KB

      MD5

      6fa8c679b19ed0004abedbd611ec72d9

      SHA1

      8cd92a8c500760bea6034ef11aa01e005fecb462

      SHA256

      b30dd91183c8c1e218bc3072f933ef81118d3719ad8b09c7bf3c70113bd1ad1d

      SHA512

      2de9e3b1f22153f1ff2c572f78dbd63b79a332921f286772f9a472ab4e11cb60c834502806ca957621ebccaddea89a404e4e45dd97e4d6e58b3208009ed00255

      Download Submit

    • \??\c:\6ea302b7-cfc1-4a27-8da0-fb0a15e81336\loader.gif
      Filesize

      1KB

      MD5

      e88ebd85dd56110ac6ea93fe0922988e

      SHA1

      684a31d864d33ff736234c41ac4e8d2c7f90d5ae

      SHA256

      379d1b0948f8e06366e7bcd197c848c0cc783787792f2224f98c16b974d920eb

      SHA512

      211b0760c9a887fc13c479617daeb6d5b6ee0ccd06c214967abd3e1f14204f72e34a6dd5eb778a9fc6ac7fc8bd63bdef80b347abab97becda16924cb3e164dc7

      Download Submit

    • \??\c:\6ea302b7-cfc1-4a27-8da0-fb0a15e81336\start.hta
      Filesize

      1KB

      MD5

      db4ada697fa7a0e215281533d52578e9

      SHA1

      fb755ea8371edf5065dc53e21eb413603f9eba7f

      SHA256

      f949fd6ca734830572128b4348dfd039419140c7ef501d80773f71ca3f0ed78c

      SHA512

      9ba1d2658785dd3c88b4399132f8330dc58872235e19ca9854b0e453d8cc7a58de0c8be84da376a72b5851073f531c95b2c6afa84f43053561ca8e6751d6e2f3

      Download Submit