Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/12/2023, 19:59

General

  • Target

    39ce0d1e358e215b5c0380627ec7c5c4.exe

  • Size

    490KB

  • MD5

    39ce0d1e358e215b5c0380627ec7c5c4

  • SHA1

    30a2521e36bd28ca3f031ba44f7246a8032e5ab3

  • SHA256

    4c93817b83feae8a47e2174db299dcc968ecbb6f7b2a3c4e6aecee56d645ea04

  • SHA512

    a8e8cd8820eb3c6bd8fd83d087f24c0475d3cfe28e93a503164b4b8f2fe9c3987462a5fe3a3ae234c02139660b188d19513392e954db4ab0fd25c7e1bb33deef

  • SSDEEP

    3072:1828inqN7CMBrm+sCMpFdp/8VetHA2zx5:182xqB8+pkGYA2zx5

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\39ce0d1e358e215b5c0380627ec7c5c4.exe
    "C:\Users\Admin\AppData\Local\Temp\39ce0d1e358e215b5c0380627ec7c5c4.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4936
    • C:\Windows\killa.exe
      "C:\Windows\killa.exe" 2C:\Users\Admin\AppData\Local\Temp\39ce0d1e358e215b5c0380627ec7c5c4.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2140
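The signatures and the process tree above describe one pattern: the sample reads the configured country code from the registry, writes a same-hash copy of itself to C:\Windows\killa.exe, launches that copy with its own path on the command line, and the copy deletes the original. The following triage script is an added example, not part of the sandbox report: it runs those checks over a handful of constructed Sysmon-style events modelled on the report's tree. The event field names and the registry key used for the geofence check (HKCU\Control Panel\International\Geo\Nation) are assumptions; the report names neither a schema nor a key. The hashes and paths are copied from the report.

```python
"""Triage checks, as an added example, for the behaviours the report lists.

The events below are constructed to mirror the report's process tree; their
field names are an assumption for this example, not a real Sysmon/EDR schema.
"""
import json
import ntpath

# Hashes copied from the report: the target and the second C:\Windows\killa.exe entry.
TARGET_SHA256 = "4c93817b83feae8a47e2174db299dcc968ecbb6f7b2a3c4e6aecee56d645ea04"
REPORT_SHA256 = {
    TARGET_SHA256,
    "9e868839f7eb1c32db7afc22322d98d8e46540ef81b55f5fa121cb18f9509656",
}
TARGET = r"C:\Users\Admin\AppData\Local\Temp\39ce0d1e358e215b5c0380627ec7c5c4.exe"
DROPPED = r"C:\Windows\killa.exe"
# Assumed location of the per-user country code; the report names no key.
GEO_KEY = r"HKCU\Control Panel\International\Geo\Nation"

SAMPLE_EVENTS = [  # constructed, in the order the report's tree implies
    {"type": "process_create", "pid": 4936, "ppid": 1234, "image": TARGET,
     "cmdline": f'"{TARGET}"', "sha256": TARGET_SHA256},
    {"type": "registry_read", "pid": 4936, "key": GEO_KEY},
    {"type": "file_create", "pid": 4936, "target": DROPPED, "sha256": TARGET_SHA256},
    {"type": "process_create", "pid": 2140, "ppid": 4936, "image": DROPPED,
     "cmdline": f'"{DROPPED}" 2{TARGET}', "sha256": TARGET_SHA256},
    {"type": "file_delete", "pid": 2140, "target": TARGET},
    # benign noise: a system service writing a log under C:\Windows\Temp
    {"type": "process_create", "pid": 900, "ppid": 4,
     "image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs",
     "sha256": "0" * 64},
    {"type": "file_create", "pid": 900, "target": r"C:\Windows\Temp\svc.log", "sha256": "1" * 64},
]


def _norm(path):
    # Case-insensitive, backslash-normalised comparison key for Windows paths.
    return ntpath.normcase(path)


def _under(path, root):
    return _norm(path).startswith(_norm(root).rstrip("\\") + "\\")


def process_images(events):
    """pid -> image path, from process_create events."""
    return {e["pid"]: e["image"] for e in events if e["type"] == "process_create"}


def user_drops_into_windows(events):
    """'Drops file in Windows directory': an .exe written under C:\\Windows by a
    process whose own image lives under a user profile."""
    images = process_images(events)
    hits = []
    for e in events:
        if e["type"] != "file_create" or not e["target"].lower().endswith(".exe"):
            continue
        src = images.get(e["pid"], "")
        if _under(src, r"C:\Users") and _under(e["target"], r"C:\Windows"):
            hits.append((e["pid"], src, e["target"]))
    return hits


def self_delete_chains(events):
    """'Deletes itself' via a helper: a child launched with its parent's image path
    on the command line, which then deletes that parent image."""
    images = process_images(events)
    hits = []
    for e in events:
        if e["type"] != "process_create":
            continue
        parent_image = images.get(e["ppid"])
        if not parent_image or _norm(parent_image) not in _norm(e["cmdline"]):
            continue
        deleted = any(d["type"] == "file_delete" and d["pid"] == e["pid"]
                      and _norm(d["target"]) == _norm(parent_image) for d in events)
        if deleted:
            hits.append({"child_pid": e["pid"], "child_image": e["image"], "deleted": parent_image})
    return hits


def geofence_lookups(events):
    """'Checks computer location settings': reads of the assumed country-code key."""
    images = process_images(events)
    return [(e["pid"], images.get(e["pid"]), e["key"]) for e in events
            if e["type"] == "registry_read" and _norm(e["key"]) == _norm(GEO_KEY)]


def report_hash_matches(events):
    """PIDs whose image hash is one of the SHA256 values from the report."""
    return sorted({e["pid"] for e in events if e.get("sha256") in REPORT_SHA256})


def triage(events):
    return {
        "drops_into_windows": user_drops_into_windows(events),
        "self_delete_chains": self_delete_chains(events),
        "geofence_lookups": geofence_lookups(events),
        "report_hash_matches": report_hash_matches(events),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_EVENTS), indent=2))
```

The drop check keys on the writer's image path rather than the file name, so a renamed helper still matches; the self-delete check ties the child to its parent through the parent path on the command line, which is what the "2C:\Users\...\39ce0d1e358e215b5c0380627ec7c5c4.exe" argument in the tree above provides. The hash match is the weakest of the four, since the second killa.exe entry shows the dropped file's content changed during the run.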

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\killa.exe

    Filesize

    490KB

    MD5

    39ce0d1e358e215b5c0380627ec7c5c4

    SHA1

    30a2521e36bd28ca3f031ba44f7246a8032e5ab3

    SHA256

    4c93817b83feae8a47e2174db299dcc968ecbb6f7b2a3c4e6aecee56d645ea04

    SHA512

    a8e8cd8820eb3c6bd8fd83d087f24c0475d3cfe28e93a503164b4b8f2fe9c3987462a5fe3a3ae234c02139660b188d19513392e954db4ab0fd25c7e1bb33deef

  • C:\Windows\killa.exe

    Filesize

    363KB

    MD5

    89b0f0e15855ef06d7d85fc0da06f144

    SHA1

    8681e43be850cb24ac051458d3884ab49d73cf83

    SHA256

    9e868839f7eb1c32db7afc22322d98d8e46540ef81b55f5fa121cb18f9509656

    SHA512

    31882991c048e321b69ea42db64e379002df2c8609da9327750decc97a2b84b5e2ef69b4e7ff50b5ba9331e0bb964e1baac28d9a91f195bef3630e001ea8b2a9