Overview

overview

10

Static

static

3

158dd9397c...06.exe

windows7-x64

10

158dd9397c...06.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    161s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 10:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    158dd9397c99b1341020a74e2e2cdf06.exe

  • Size

    60KB

  • MD5

    158dd9397c99b1341020a74e2e2cdf06

  • SHA1

    b5d8e1df154a2fbff79db1ce1bcd923f6351a084

  • SHA256

    9d7021952fb4dd0127e0e594ebd1c71ce6468c86e9f42adad8c2d3ca0d74f7b7

  • SHA512

    6724ace4598b44f0f0b9ea32bfd52018a068d23badaffa19c3d211ef0339839d722bf34fa1ca53dfa004831ee2d57e54467d8dc3e27a273d8ed8540206f95c04

  • SSDEEP

    768:CL2RkW9MguEa0IZm0UMszDv/pvHeAFIkNcoFIkid+v9fLmq1kKYn6rV4xc9tVspg:CL2/oavjfXH5tS0SIUtNMpsTIkUkHoG

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 48 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\158dd9397c99b1341020a74e2e2cdf06.exe
    "C:\Users\Admin\AppData\Local\Temp\158dd9397c99b1341020a74e2e2cdf06.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\Users\Admin\ceawieb.exe
      "C:\Users\Admin\ceawieb.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2704

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\ceawieb.exe
          Filesize

          60KB

          MD5

          e6253840b413416bca283e2de90f5b6e

          SHA1

          db4577058059073f34bf58f8ec4dfb343e53025a

          SHA256

          51d18328d4707f7426f5eb69caa47bc75e0a16acf3d23dc2a3ddeea21d7f4193

          SHA512

          dd6bc9373a8d5f0f7c5a33752a5c8c6066de2f29d88727b81dd7e95759924a8337b8589673980ab1c249d05e622442a9cbeb53ac757b6dee396dbd69128a7999

          Download Submit