Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/01/2024, 14:35

General

  • Target

    3ecb9ec3bdb4b4cedc2b0bf90e2a65ff.exe

  • Size

    663KB

  • MD5

    3ecb9ec3bdb4b4cedc2b0bf90e2a65ff

  • SHA1

    c49d9bb05210d6f581635ecb8d11a90c253ff283

  • SHA256

    eb01159dd0da755c77baf8b111a89f52dbcebd17739fa8a595905c84a815a37e

  • SHA512

    2305cca826b0f28315b0ee9e0c4dbb0b3703dd6a2888cfd7447cff9386ffa56ccb610da4e9b4b59383b890926cee459c721d98aba9fa16c451907e0a8e03c684

  • SSDEEP

    12288:GFGawBwy2MZqy4e2TgQCgjUapKV22oLeuMNRwE4jvTYolQBGBWyFmErLKd9XqdgT:Nawr7Zo7CgZu2E4Sx0OT

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ecb9ec3bdb4b4cedc2b0bf90e2a65ff.exe
    "C:\Users\Admin\AppData\Local\Temp\3ecb9ec3bdb4b4cedc2b0bf90e2a65ff.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:316
    • C:\Users\Admin\AppData\Local\Temp\ope4BFD.exe
      "C:\Users\Admin\AppData\Local\Temp\ope4BFD.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:64
  • C:\Program Files\Internet ExplorEr\IEXPLORE.EXE
    "C:\Program Files\Internet ExplorEr\IEXPLORE.EXE"
    1⤵
      PID:2444
    • C:\Windows\G_Server1.23.exe
      C:\Windows\G_Server1.23.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1804

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\ope4BFD.exe

            Filesize

            192KB

            MD5

            e722a9d7ebcb34a4e5ae356cac3cd211

            SHA1

            b6c5aefd93f748caefbe7f9e3c286e5083136a95

            SHA256

            3de1295cce06a1c5e0b352efbc0a84076f3a67da26edd7984f9bc0d09106bfdb

            SHA512

            911baa3034b030b9d06caac5b6bdd83c8b7f757130d3e27ca509e5dbe63af8664c95ea3233e4d894a91594e079305a82907697fe28794889dd2602eb65414244

          • C:\Users\Admin\AppData\Local\Temp\ope4BFD.exe

            Filesize

            662KB

            MD5

            27d3c239e174703881f63ce3d8529a5c

            SHA1

            cb74253ff5d6c23d57c83da03d297e1f2738540b

            SHA256

            85740aa7a79037f63448363c1ab4b7c00dade664f8c54d433b39f3f329ba0584

            SHA512

            2a50ef977df2bd4fd9af2698cd09700f7a40765548a66825882e56c425a4406709d208377d924399849fced9a8dfbf3bdd86fd0e26e08dcf8d11dda489ad6761

          • C:\Users\Admin\AppData\Local\Temp\ope4BFD.exe

            Filesize

            640KB

            MD5

            32815ff7badea9bcd84e5e99b31a3a41

            SHA1

            4a8d716c18c01be7e24fc1bee0ccea292b01688f

            SHA256

            a753c4b457c57d5132042e15e97427045be859538f47f6c8dc08cca8195fd666

            SHA512

            56af73fd6ccbcfc4d1728517d6cd5b9a6066440edf640f45c8a62931cee6caed1cc26f3043bc8f19cc96ddd7f472f21117afac5617121845ecd9eb36ae56ddc7

          • C:\Windows\G_Server1.23.exe

            Filesize

            99KB

            MD5

            d290cfba1aaf5a229bcf595531e451d8

            SHA1

            842c96225b491d5c7335c5e29790112d92390c3e

            SHA256

            99fa10e1039bce7672f5cfabcb4851274012b4210e2e602f5fcb29c7ca439889

            SHA512

            104a38729f75bc4a2a57090b79337a2530d678f8b9cf6cda0e0377af22ad5d8d4dcd877bd35adba5843cefb6d4c4a0c79478ccb47d8a5ad1a8eaa2bad97c37f5

          • C:\Windows\G_Server1.23.exe

            Filesize

            93KB

            MD5

            8030acd13bc64d25eef34d8632760d10

            SHA1

            db336493427c3bf7f558da5c4d125297297e2a04

            SHA256

            38b59bf4a8333982753c639b55624007edefef8976e030997e70ec9a0e5b101c

            SHA512

            51b54646106e71b7d9c31b83d5f8501acd382738cca09567ed6ce86a9bdf82adbf1b06c361fa4fc4ff4f3fa1190601ad760745caa5bc5cfdd3c245e0c743b42b

          • memory/64-18-0x0000000000400000-0x00000000004AD000-memory.dmp

            Filesize

            692KB

          • memory/64-8-0x0000000000400000-0x00000000004AD000-memory.dmp

            Filesize

            692KB

          • memory/64-13-0x0000000002340000-0x0000000002341000-memory.dmp

            Filesize

            4KB

          • memory/316-9-0x0000000000400000-0x00000000004A7A0C-memory.dmp

            Filesize

            670KB

          • memory/316-0-0x0000000000400000-0x00000000004A7A0C-memory.dmp

            Filesize

            670KB

          • memory/1804-16-0x0000000000400000-0x00000000004AD000-memory.dmp

            Filesize

            692KB

          • memory/1804-17-0x0000000000650000-0x0000000000651000-memory.dmp

            Filesize

            4KB

          • memory/1804-19-0x0000000000400000-0x00000000004AD000-memory.dmp

            Filesize

            692KB

          • memory/1804-20-0x0000000000650000-0x0000000000651000-memory.dmp

            Filesize

            4KB