Overview

overview

7

Static

static

3

46a6d59953...66.exe

windows7-x64

7

46a6d59953...66.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    168s
  • max time network
    197s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-01-2024 16:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    46a6d599535c3b51644e102f65929c66.exe

  • Size

    141KB

  • MD5

    46a6d599535c3b51644e102f65929c66

  • SHA1

    2115013bfc093dbfa96e802f246bdb262503c381

  • SHA256

    cfe2896dbf34e40c57b1379c2606f37811b614b2df5dd8123e9efe56de7e9efb

  • SHA512

    3856dc9786e84f9c0453b2640e7d2d09127d947a1057fed833e7e1bc25e08658e53cae8eea497531abab8f570a5eff7b7e937a219f588e73f44de2dd2b74eed0

  • SSDEEP

    3072:Aa9mSvkAZ2M5MPACog7DMM/qX0Ktj2FbjBGhMYctCgggggDpKiuxEjFq5ukj:AaENi2MGYg2BctCgggggDpK/r

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\46a6d599535c3b51644e102f65929c66.exe
    "C:\Users\Admin\AppData\Local\Temp\46a6d599535c3b51644e102f65929c66.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3800
    • C:\Users\Admin\AppData\Roaming\Microsoft\explorer.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\explorer.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Enumerates connected drives
      PID:1412

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\explorer.exe
    Filesize

    141KB

    MD5

    46a6d599535c3b51644e102f65929c66

    SHA1

    2115013bfc093dbfa96e802f246bdb262503c381

    SHA256

    cfe2896dbf34e40c57b1379c2606f37811b614b2df5dd8123e9efe56de7e9efb

    SHA512

    3856dc9786e84f9c0453b2640e7d2d09127d947a1057fed833e7e1bc25e08658e53cae8eea497531abab8f570a5eff7b7e937a219f588e73f44de2dd2b74eed0

    Download Submit

  • memory/1412-45-0x0000000011490000-0x00000000114C0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1412-46-0x0000000011490000-0x00000000114C0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1412-47-0x0000000011490000-0x00000000114C0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3800-0-0x0000000011490000-0x00000000114C0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3800-1-0x0000000011490000-0x00000000114C0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3800-4-0x0000000011490000-0x00000000114C0000-memory.dmp

    Filesize

    192KB

    Download