Overview

overview

7

Static

static

3

4580d4f269...b3.exe

windows7-x64

7

4580d4f269...b3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    69s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/01/2024, 06:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4580d4f26911d5512d036d284a46d4b3.exe

  • Size

    33KB

  • MD5

    4580d4f26911d5512d036d284a46d4b3

  • SHA1

    4ab1518fc79e8893b67f04648cc2010fea53d511

  • SHA256

    6a6daec3ef90c6fe1291cfcc1c4580be2813f6d51ba0a5de208ece9f697603da

  • SHA512

    f953fc099b7b71a2d3e02b786b8a90bd5da2efb7d2690081f28e45fc28201148574bf963a228b24f99ea8501b39088c26c74d0baa4e5091d86ca538eb0e3591d

  • SSDEEP

    384:Dw5+1h1UYii+lNppElKelRgr8I4GSFdVp8NAbifwpIgX+FW3el7xI:2+1hS7i+lbpElBqMB3+I/qWQ7

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\4580d4f26911d5512d036d284a46d4b3.exe
    "C:\Users\Admin\AppData\Local\Temp\4580d4f26911d5512d036d284a46d4b3.exe"
    1⤵
    • Checks computer location settings
    PID:728
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %TEMP%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f
      2⤵
        PID:232
    • C:\Windows\SysWOW64\schtasks.exe
      schtasks /create /tn MyApp /tr C:\Users\Admin\AppData\Local\Temp\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f
      1⤵
      • Creates scheduled task(s)
      PID:948
    • C:\Users\Admin\AppData\Local\Temp\service.exe
      C:\Users\Admin\AppData\Local\Temp\service.exe
      1⤵
        PID:1420
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %TEMP%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f
          2⤵
            PID:4496
        • C:\Windows\SysWOW64\schtasks.exe
          schtasks /create /tn MyApp /tr C:\Users\Admin\AppData\Local\Temp\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f
          1⤵
          • Creates scheduled task(s)
          PID:2352

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\service.exe
                Filesize

                19KB

                MD5

                2fd394d234ba5b304def3c2d61c55dde

                SHA1

                ce0c203bfe034bf9d91d309b5926829c3ec7372d

                SHA256

                28bd92b88dea19ae1bcd4ce0740c241bdd21e3137ddf1d72fc9ca0708c3f5b5c

                SHA512

                6d386a8d1a90d2a71e135830897116924433962ba279e96314e95a949e53bbff8c6bc65715295780edd72e3d6c9a348bbc6cbe705670b034a2467d30811348d8

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\service.exe
                Filesize

                33KB

                MD5

                4580d4f26911d5512d036d284a46d4b3

                SHA1

                4ab1518fc79e8893b67f04648cc2010fea53d511

                SHA256

                6a6daec3ef90c6fe1291cfcc1c4580be2813f6d51ba0a5de208ece9f697603da

                SHA512

                f953fc099b7b71a2d3e02b786b8a90bd5da2efb7d2690081f28e45fc28201148574bf963a228b24f99ea8501b39088c26c74d0baa4e5091d86ca538eb0e3591d

                Download Submit

              • memory/728-1-0x0000000000400000-0x000000000040E000-memory.dmp

                Filesize

                56KB

                Download

              • memory/1420-10-0x0000000000400000-0x000000000040E000-memory.dmp

                Filesize

                56KB

                Download