Overview

overview

7

Static

static

3

36c055a171...bf.exe

windows7-x64

7

36c055a171...bf.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    207s
  • max time network
    224s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 12:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    36c055a1718897e0c97699adcc31f0bf.exe

  • Size

    162KB

  • MD5

    36c055a1718897e0c97699adcc31f0bf

  • SHA1

    a8026ad291803ff30e5cbfc246c0d1120af56856

  • SHA256

    7621d066b672b9f6ef5563386606cfcf2a650c88096986bcb67c6bcaf7be173d

  • SHA512

    bc8b7e93b44b3c1f7d022019b8479794ee0d866edec6d2005fd1755fe5a9c7b1b4591d4f4117ae84fbf12876e5a4bafcf7027fd8fb8cb5ec6a44077dddd894a9

  • SSDEEP

    1536:0vn9DmOPj3/EyIR1Y+IjIVZgFNyifN/E3+gHurSwzMpE1gNYlVLNl:0l3TIR1YzNy8E3+dGna1rLNl

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\36c055a1718897e0c97699adcc31f0bf.exe
    "C:\Users\Admin\AppData\Local\Temp\36c055a1718897e0c97699adcc31f0bf.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4808
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Szp..bat" > nul 2> nul
      2⤵
        PID:1948

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Szp..bat
      Filesize

      210B

      MD5

      ac72dd5f60129f7ac4c75ae2d6c93a09

      SHA1

      4ea96e0994fcb6ee4ec5f15ad58d4c97740a163a

      SHA256

      3730f40431db378ffd50654705e3899ce984b5f0b30b8fd69909b69761478959

      SHA512

      10790092a602918f36e6938672d0abdaa935d7761e2128a347b54c696198b1323942443cd40cb5bc67b07cacf190fe0255c296120000dfce82740a1f44e94c1a

      Download Submit

    • memory/4808-0-0x0000000000A10000-0x0000000000A22000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4808-1-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/4808-2-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/4808-3-0x0000000000A30000-0x0000000000A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4808-4-0x0000000000A30000-0x0000000000A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4808-6-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download