Overview

overview

7

Static

static

3

79535538c6...79.exe

windows7-x64

7

79535538c6...79.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 15:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    79535538c605b530668cd9e15304ac79.exe

  • Size

    296KB

  • MD5

    79535538c605b530668cd9e15304ac79

  • SHA1

    0fa9798e0aa00cbdfcf436bd6b3f95c4d664e6d1

  • SHA256

    4fbf18b6a18e36a57ef07e398330495fae45e7ecea2f7b1ba4d5bc1c10e87146

  • SHA512

    b231500a2161372c17dfcd1247195bdcc262f4dbecfd236f462a6cf519e392d26f33487c57957e58b3fd18a0f320dd2c86259bec384ea140edaa102f17930d59

  • SSDEEP

    3072:qePgCctxGv4QcU9KQ2BBA2waPxhtmolHbjRYM5p:OCctxGsWKQ2Bx5xvjHF

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\79535538c605b530668cd9e15304ac79.exe
    "C:\Users\Admin\AppData\Local\Temp\79535538c605b530668cd9e15304ac79.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4504
    • C:\Program Files (x86)\cf7c6811\jusched.exe
      "C:\Program Files (x86)\cf7c6811\jusched.exe"
      2⤵
      • Executes dropped EXE
      PID:64

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\cf7c6811\cf7c6811
          Filesize

          17B

          MD5

          552bb86ed2797d3fd12ac0d273afaf75

          SHA1

          6e8633f9c24590779acbd3dd14c60f856320bc0a

          SHA256

          3ef9ff5da8272fd1b14c83f12c8d28fd9dbf32d56bcb714921032b02557fe789

          SHA512

          dab57227de02f4667cc8e2ec47566088b473caa0387caffbdfde37f3400da7d4f67dd222e83a4fa93592694bbcff7c52a2bcec074868baf221bc47d9370c8d2c

          Download Submit

        • C:\Program Files (x86)\cf7c6811\jusched.exe
          Filesize

          296KB

          MD5

          f4d332c514388deefeafe4cec33db722

          SHA1

          6aae1f7b4f57bf1fe0de080315c8fc19d6926a64

          SHA256

          d298c62d5d9a824dec1d7f61308fdda22154ca2e6dcf7f1dfd06ed6e3bb497fa

          SHA512

          4f151d17f95d50808a8272ce8648d86a97e70c8bd2d722de286598351f8280df0a51eb7fa1014b1383b48a1b473589f0e4f386519207741ca0b5dc30cdf52075

          Download Submit

        • memory/64-13-0x0000000000400000-0x000000000045C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/4504-0-0x0000000000400000-0x000000000045C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/4504-15-0x0000000000400000-0x000000000045C000-memory.dmp

          Filesize

          368KB

          Download