Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/12/2023, 15:12

General

  • Target

    781b2e40be0ce086c316a6841aebd662.exe

  • Size

    68KB

  • MD5

    781b2e40be0ce086c316a6841aebd662

  • SHA1

    aa50e4fcff256552fe8e8a83a0e351d7e61c1c23

  • SHA256

    75f8f1e92afd7b227f60ff56bed6d9e22768488bc1746427d5eb090c0f895241

  • SHA512

    5fe014a3d94fafe991769fc9a85e728e1a8de86e78a1bc552792f14846a193bf3eed1230b9660cd95689962fdb3e38a8a099e3a69e19a9a6335fd1b32ca890a6

  • SSDEEP

    768:bcvliTdOYAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:AvIxbAcqOK3qowgnt1d

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\781b2e40be0ce086c316a6841aebd662.exe
    "C:\Users\Admin\AppData\Local\Temp\781b2e40be0ce086c316a6841aebd662.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Users\Admin\Admin.exe
      "C:\Users\Admin\Admin.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:832

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\Admin.exe

    Filesize

    68KB

    MD5

    0621544970057d4b53cd1b09b2916e77

    SHA1

    49c3d1929b2ef2120cb5ca0ea8d42552ee350921

    SHA256

    e8cb618694ef880686355e975258311a8de3c18d18355481ac95d6b7fdbe268a

    SHA512

    e3779c796c8710ae503c5ff272ce03ca0c64c78034026f06215e51c727a532de4c1c88e278d2108c2ee04acdc65a568e11a45e1b53954cae2b787b97c0c76a53

  • memory/832-33-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

  • memory/2188-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB