Overview

overview

7

Static

static

3

24b30b119e...9d.exe

windows7-x64

1

24b30b119e...9d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    168s
  • max time network
    176s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 02:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24b30b119e914fff3873abc24df18e9d.exe

  • Size

    465KB

  • MD5

    24b30b119e914fff3873abc24df18e9d

  • SHA1

    112092760378fd6a0cf11343a4706d87743afe88

  • SHA256

    bd2dfe4e4765b7ddf5b7bacbe87030e11230c8c69857beae98d809cf0c9ae749

  • SHA512

    ddee9b36eb2ef7ac806cb8ab1e1f156d37198a687a3a93e828cd1837f6dd89cd3da8314eab5485523486ab44a39cf743094b9e047620e23db5537d0e888d9e89

  • SSDEEP

    12288:gutrzh9xOXk6j09umTpQewOHcEFdDRV8795Lemo:gutr5OU6jQumTpQewIxV87XLo

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24b30b119e914fff3873abc24df18e9d.exe
    "C:\Users\Admin\AppData\Local\Temp\24b30b119e914fff3873abc24df18e9d.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4332
    • C:\Users\Admin\AppData\Local\Temp\Plug de Seguranca.exe
      "C:\Users\Admin\AppData\Local\Temp\Plug de Seguranca.exe"
      2⤵
      • Executes dropped EXE
      PID:3140

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Plug de Seguranca.exe
    Filesize

    2.6MB

    MD5

    a1306af02016a7db994cb9541da60831

    SHA1

    fc50bc311e6b4a42588c33004f784bcd3418ec6c

    SHA256

    0eb51c6466cb26c93694cb594cf2d40cb7ac3a4589234f9139453c79b5186a3d

    SHA512

    a4ffea236ff47986bafb3f6454e6a93c402de78a418633d7b9c9c8a1e8d7bce4eab66aaec385457230bf5cf115d8cc8bc24e6ca550a2932774ddb421713209b1

    Download Submit

  • memory/3140-9-0x0000000000CF0000-0x0000000000CF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3140-10-0x0000000000450000-0x00000000006F1000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/3140-11-0x0000000000450000-0x00000000006F1000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/3140-12-0x0000000000CF0000-0x0000000000CF1000-memory.dmp

    Filesize

    4KB

    Download