Overview

overview

7

Static

static

3

1337cded11...d6.exe

windows7-x64

7

1337cded11...d6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 08:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1337cded11ed38a6116c38a4701027d6.exe

  • Size

    284KB

  • MD5

    1337cded11ed38a6116c38a4701027d6

  • SHA1

    2227d2a27af8f8e150ecc4c06de206ca612523dd

  • SHA256

    4f014748bdc0f0b604c411460d04bc342061bd561e041b90a58e1547682f7244

  • SHA512

    6867f4592288372988b980b0d5c95d9cccf9bbd6d51204508492b8bf261d4e2f5bdbc67cf4ee44093b151eacf06dddd1d3403bf90d80154a03de64961d000db3

  • SSDEEP

    6144:4nFYTcANLe0aOk1tkTMkonIVfErSTxQzyM9y+6FwcLTVDxQE1Uyl:4CTcZLOk1tkTMRUfnweTVDeEGG

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1337cded11ed38a6116c38a4701027d6.exe
    "C:\Users\Admin\AppData\Local\Temp\1337cded11ed38a6116c38a4701027d6.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2808
    • C:\Windows\SysWOW64\mshta.exe
      "C:\Windows\System32\mshta.exe" c:\4c16f350-c8cb-4ef3-b348-8a3b7673e689\start.hta
      2⤵
        PID:4152

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\4c16f350-c8cb-4ef3-b348-8a3b7673e689\InstallerHelper.dll
            Filesize

            132KB

            MD5

            8759f10573430722009470731babfa04

            SHA1

            394b6e05145a8ab36a0a1d445b46511d729c7b18

            SHA256

            147f1dd5d69e4eee40c77a5198268b2071b3d234b193bd5ce531aeac26ab1da4

            SHA512

            aa1f0749e79e3f7da07ee059d183412950999738b5c986670a293c71babf2f23a2ca2757b9ec5a9e492c44ee4e0bbd9703ddd3a9f2ac60267397c196e3a2865f

            Download Submit

          • C:\4c16f350-c8cb-4ef3-b348-8a3b7673e689\InstallerHelper.dll
            Filesize

            93KB

            MD5

            170fab33daa7d6e62c6592969723235b

            SHA1

            b78953ed3bb1f7cabcfc982a662137ecc827fba6

            SHA256

            8d810563badfd0ae6ba24275e6a0b7e3bd2688ea40551a48f9a8e19aa49092ec

            SHA512

            f0de4257557f451fa03a453c28b660188b01c8643a794ce4678f7306e9452c16a11c4110b8975677fde78e4c41a5b5746b3b84f52b485055cfcd70ff4df2cce4

            Download Submit

          • \??\c:\4c16f350-c8cb-4ef3-b348-8a3b7673e689\loader.gif
            Filesize

            1KB

            MD5

            e88ebd85dd56110ac6ea93fe0922988e

            SHA1

            684a31d864d33ff736234c41ac4e8d2c7f90d5ae

            SHA256

            379d1b0948f8e06366e7bcd197c848c0cc783787792f2224f98c16b974d920eb

            SHA512

            211b0760c9a887fc13c479617daeb6d5b6ee0ccd06c214967abd3e1f14204f72e34a6dd5eb778a9fc6ac7fc8bd63bdef80b347abab97becda16924cb3e164dc7

            Download Submit

          • \??\c:\4c16f350-c8cb-4ef3-b348-8a3b7673e689\start.hta
            Filesize

            1KB

            MD5

            db4ada697fa7a0e215281533d52578e9

            SHA1

            fb755ea8371edf5065dc53e21eb413603f9eba7f

            SHA256

            f949fd6ca734830572128b4348dfd039419140c7ef501d80773f71ca3f0ed78c

            SHA512

            9ba1d2658785dd3c88b4399132f8330dc58872235e19ca9854b0e453d8cc7a58de0c8be84da376a72b5851073f531c95b2c6afa84f43053561ca8e6751d6e2f3

            Download Submit