Overview

overview

10

Static

static

3

277f441499...9e.exe

windows7-x64

10

277f441499...9e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 04:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    277f441499c1fb9ddf4d462c3b443b9e.exe

  • Size

    4.2MB

  • MD5

    277f441499c1fb9ddf4d462c3b443b9e

  • SHA1

    5cf5da3598e4cf139f6e6ffb9a4d32e49ac9321a

  • SHA256

    05263375ffe64e8586c78e8e435007bff1f2a42684d48378eee68c07ba54a80e

  • SHA512

    0ce74ab987eaf7371f79c22afcc16e319781ee7a7fcdcd995fff402788fbaa0e132df529db6e804549556f332ad8d8828e48b7ca8b27a7da22feadc21c09f871

  • SSDEEP

    98304:pKHcMsDndy6iiHrjZE2/mkCUGP18szyTJr:w8dDlNLjpmkC/18ouJr

Score
7/10
evasionthemidaupx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 3 IoCs
  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Themida packer 4 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\277f441499c1fb9ddf4d462c3b443b9e.exe
    "C:\Users\Admin\AppData\Local\Temp\277f441499c1fb9ddf4d462c3b443b9e.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3160
    • C:\Users\Admin\AppData\Local\Temp\Jerm's.exe
      "C:\Users\Admin\AppData\Local\Temp\Jerm's.exe"
      2⤵
      • Executes dropped EXE
      • Identifies Wine through registry keys
      PID:4584
    • C:\Users\Admin\AppData\Local\Temp\install.exe
      "C:\Users\Admin\AppData\Local\Temp\install.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:4596
  • C:\Users\Admin\AppData\Local\Temp\_ir_sf7_temp_0\irsetup.exe
    __IRAOFF:520716 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\install.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    PID:1872

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\Jerm's.exe
          Filesize

          149KB

          MD5

          b4126a99684b3162ccad37711bde0fd8

          SHA1

          3824b9f6d07bda126635d60c6c17a93902b93848

          SHA256

          8d2f202e525d386e5397280c22d5aa7b6b0a2e10f161000ecdb498e66da77ecf

          SHA512

          f3a18a8d5cef26a37c443ac5154ed25b3f1a445f0c1afedf93301fd4710f57cc01f6cbc7a8ed1f044f48525bd2fec01e2ac04c3e16ae2046b25c77b6685857b8

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Jerm's.exe
          Filesize

          92KB

          MD5

          acf92d4c1bf3d3fc739589c5a46d9cfc

          SHA1

          ff571a021363a47108dcc159879c75363e5731a9

          SHA256

          3348c36e5853cf5628a6fbb7a569aa41e737cbb2414793cb53becc09753a42c1

          SHA512

          fd74a50a03fb8ebe0284856babd8593178cc263c8c9b41476542f5c5bed81b80639ee1c99af6f2382e02505a5cf9e0aae86191bcc059ae37378c145bcca1bd18

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_ir_sf7_temp_0\irsetup.exe
          Filesize

          440KB

          MD5

          75ca7ff96bf5a316c3af2de6a412bd54

          SHA1

          0a093950790ff0dddff6f5f29c6b02c10997e0c5

          SHA256

          d95b5bf9ca97c1900de5357743282bab655d61d616606485088e1708559b7cf1

          SHA512

          b8da86f2f1e908955254e5168d0447f479cec7815a8b081a7b38eb87187cb2eb992109c67e006361b96bc1529ee8abc9dc477d78e9ca565e43f5415b492771d4

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_ir_sf7_temp_0\irsetup.exe
          Filesize

          149KB

          MD5

          704bd143fd25f34c6694968e15efecbb

          SHA1

          b5c20ed3d817f73dea0514308124350aa0fb07be

          SHA256

          9e99704843178d3a8127048812de2f82b8b415e84b9a312e2dd43abfc02a9fe3

          SHA512

          4f832bef0e5e3aba83b4afbd36cd4617eb498094353db03ea0976f81475099f94d76cc6c288fb7449f902516e676bace956a479b6bb935804708ba963cdf2329

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\install.exe
          Filesize

          1024KB

          MD5

          495ba7b759947d18c03ffa77d9e8755d

          SHA1

          8cc0b09106f13c6b28cca3d49d58950ea7775ec5

          SHA256

          54edceac227e1307bcb53e27566ac4c2ef084e27c591b2adf19ad028f432ed06

          SHA512

          09c861a65d494183357100499b61d3825179ceee9807133228a6c14ff946e10a30fb00b07b49d44b8b6ab569a19f64ec151dd20168a144c864543dcdd800626e

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\install.exe
          Filesize

          92KB

          MD5

          2619a20e8e6591013a84cb7486854104

          SHA1

          1ec6da29bd05085a085ddc00f7e6214a0730bc12

          SHA256

          296e5b6503bc526dba742bad0e5023eea34ff085446e4dff43c2f5b21c78473d

          SHA512

          5922d7dbcdc71253324d320a899774d12ae62acb0689a89e51b4f1363cda747fd5e703b9f80052569aeee8480b69ca8a67d17f04e70c00528c0d83d665de0369

          Download Submit

        • memory/1872-24-0x0000000000400000-0x0000000000527000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1872-33-0x0000000000400000-0x0000000000527000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3160-0-0x0000000000400000-0x0000000000412000-memory.dmp

          Filesize

          72KB

          Download

        • memory/3160-23-0x0000000000400000-0x0000000000412000-memory.dmp

          Filesize

          72KB

          Download

        • memory/4584-26-0x0000000000400000-0x00000000007BD000-memory.dmp

          Filesize

          3.7MB

          Download

        • memory/4584-29-0x0000000002440000-0x0000000002532000-memory.dmp

          Filesize

          968KB

          Download

        • memory/4584-27-0x0000000000C70000-0x0000000000C71000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4584-34-0x0000000000400000-0x00000000007BD000-memory.dmp

          Filesize

          3.7MB

          Download