Overview

overview

7

Static

static

3

092d6e43f5...ce.exe

windows7-x64

7

092d6e43f5...ce.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    190s
  • max time network
    200s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 00:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    092d6e43f5ca44d842d39ce6f99b15ce.exe

  • Size

    29KB

  • MD5

    092d6e43f5ca44d842d39ce6f99b15ce

  • SHA1

    5633ed1e2f69daddccd6fe4e01255a6210828e39

  • SHA256

    52a76745a0be36cd5ffbbc60db86fdc3dba05d1253d9803e3a4dfbe04ef0c9b6

  • SHA512

    b83c3781ba4e4be209d09bffae85765218c65353dac86f7bd771d9abd0ec7740b3fbd0a393ec4c76874a820c5070f7e4f5fee69ef77b01a337ca22dd28aff2d7

  • SSDEEP

    768:osJX+vzlGKec5+RZDKzepeNPmG6JX6UOPh:osJElGKecg/DcepeNPmG6JX1G

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\092d6e43f5ca44d842d39ce6f99b15ce.exe
    "C:\Users\Admin\AppData\Local\Temp\092d6e43f5ca44d842d39ce6f99b15ce.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3992
    • C:\Users\Admin\AppData\Local\Temp\updater.exe
      "C:\Users\Admin\AppData\Local\Temp\updater.exe"
      2⤵
      • Executes dropped EXE
      PID:3324

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\updater.exe
    Filesize

    29KB

    MD5

    bffb32a6da1088323001bcbf68c6004a

    SHA1

    64acae7ae2cc252de8a9eb5e4539a2f07328d6c6

    SHA256

    4cb5c0131668d7eaf10d4f8131c04edf514dfc20f5a5433fcbb87aeb22ed538b

    SHA512

    a1a0a103ad47e43881b83c3799978566c4f197e83d5b4f1d60b0d711f206d4c6ecae6502499e7c21291a326a2f7bf0a9a5bf80dff987f3c2be34097dacfa7084

    Download Submit

  • memory/3324-13-0x0000000004000000-0x0000000004005000-memory.dmp

    Filesize

    20KB

    Download

  • memory/3992-0-0x0000000004000000-0x0000000004005000-memory.dmp

    Filesize

    20KB

    Download

  • memory/3992-1-0x0000000004000000-0x0000000004005000-memory.dmp

    Filesize

    20KB

    Download

  • memory/3992-2-0x0000000004000000-0x0000000004005000-memory.dmp

    Filesize

    20KB

    Download