Analysis

  • max time kernel
    147s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-12-2023 23:39

General

  • Target

    07309db619f1e83a147640ea0956b0de.exe

  • Size

    808KB

  • MD5

    07309db619f1e83a147640ea0956b0de

  • SHA1

    d8cd86ddf06b933e6d25d1dfaa05e38986d03cb9

  • SHA256

    852bb9f9d2503697f87e7a1745021ace532a27c57aa208d491aed11ce5ed4ad7

  • SHA512

    8a4842e6fa3bc0692798ec9a3ead0b2f11446a4c603cb903febb47dcdf462a7c5d26554a0c8f3684e906dc894d4e5d7a362a23f0df204eb08e0976a2590a44c8

  • SSDEEP

    24576:mFHfHCvj8p2IG5ET3VQGSQeIbSkNW+gWGc3:mFAWGnGSCS2W+HGc3

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07309db619f1e83a147640ea0956b0de.exe
    "C:\Users\Admin\AppData\Local\Temp\07309db619f1e83a147640ea0956b0de.exe"
    1⤵
    • Drops file in Drivers directory
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1744
    • C:\Users\Admin\AppData\Local\Temp\2.exe
      "C:\Users\Admin\AppData\Local\Temp\2.exe"
      2⤵
      • Executes dropped EXE
      PID:2456
    • C:\Users\Admin\AppData\Local\Temp\000.exe
      "C:\Users\Admin\AppData\Local\Temp\000.exe"
      2⤵
      • Executes dropped EXE
      PID:2528
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2456 -ip 2456
    1⤵
    PID:3752
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2528 -ip 2528
    1⤵
    PID:2772
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 312
    1⤵
    • Program crash
    PID:4656
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 312
    1⤵
    • Program crash
    PID:4360

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\000.exe

    Filesize

    94KB

    MD5

    d12fa01ca1ce31dc26078abdfc4bbb8e

    SHA1

    e8ff48ddc9ceb64a797505f84870e916772118cc

    SHA256

    9757dba0f24b8e776a31dd3ae82b9be3592d32bf1f8e4f1b985d67f884b8249f

    SHA512

    ba26e7ca4c6e7af502ecf88daf82058d4d549466120607a717064804ebfc18c85cbc7fbb6ff2a6443811c2e636c963efab86399e9c22502a2ec7c7dca3c0a412

  • C:\Users\Admin\AppData\Local\Temp\2.exe

    Filesize

    92KB

    MD5

    d2b6fd77509489153d410a26288d0426

    SHA1

    1fe7f9c892735150b5cac6d652d7fd21970a17ac

    SHA256

    187240ceeaa1f8326ee7b77ab51a8a22ce3da261883c431b53cb8aadd76d6560

    SHA512

    4619ac311b496fd0d264d92b417630036f8878b1c5fa9beb562829c49a42af646428e5dd497c7d62c6fb6d41894be28ffc1804fad02301f7883d618323daee06

  • memory/1744-17-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

  • memory/2456-18-0x0000000000400000-0x00000000004DC000-memory.dmp

    Filesize

    880KB

  • memory/2528-19-0x0000000000400000-0x00000000004DC000-memory.dmp

    Filesize

    880KB