Analysis

  • max time kernel
    151s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    30/12/2023, 01:10

General

  • Target

    09a1118612737fc0ee167f2dfc9c0f87.exe

  • Size

    100KB

  • MD5

    09a1118612737fc0ee167f2dfc9c0f87

  • SHA1

    7ad4dd7177647ab11dc629d0b4beb957e05eea37

  • SHA256

    ec7248c45fde9174a4e05d6b7461089e4695ae8330dfd33d986a0f5bfb602bd1

  • SHA512

    8210496b24b4dcf646bed953bca521bac35724286740f693d21f34e4a51fcf3ade611d7758759dd788f33c713b3eb735ea8739dd6fa50c804aafa5643e220716

  • SSDEEP

    1536:zIWCcX220mQKxJKIRGWcOUP7vXArnY1ZqAefzyeshNIjnZ1:0uQ5NAfzyemCnn

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09a1118612737fc0ee167f2dfc9c0f87.exe
    "C:\Users\Admin\AppData\Local\Temp\09a1118612737fc0ee167f2dfc9c0f87.exe"
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2620
    • C:\Users\Admin\faidi.exe
      "C:\Users\Admin\faidi.exe"
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3916

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\faidi.exe

    Filesize

    100KB

    MD5

    7313a4bcb34d1ad46ce60fd000f6a2dc

    SHA1

    2e16af103615d4537a59e4aa4e01e7e313f6c238

    SHA256

    8a50d7f9671b7f5c08f2dbfa3c6365cb59269f9d6a241beb817f212ee9e2b805

    SHA512

    4a4b2a8d2a04b7fdd864d7b2ac062c68900e5fcbcd2fc9702e61eebcd701299135762ad61c799dd237cad09c79d2a9a4dda2d5bd485875463c31a7216f2201e8