Overview

overview

7

Static

static

3

4d148a355e...fd.exe

windows7-x64

7

4d148a355e...fd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-01-2024 02:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4d148a355e035d52da1bb710e60f55fd.exe

  • Size

    2.7MB

  • MD5

    4d148a355e035d52da1bb710e60f55fd

  • SHA1

    cccc50cf6adbe84d967ac2b9088f706d4165daf2

  • SHA256

    e10530349cf0d2f459aa768f3f0c2b3974201c41faa24854209742e34a70721b

  • SHA512

    5d5c1f772144d38c97070f3a821f6492d28a991ad251e052a04e735b2afc3dd42f30f06f24e2ca255fe00517c7e23f6668826ecaec26da6f1d58effd0a1a6059

  • SSDEEP

    49152:oJy796EvMtTx435MtV+O14pWPMPdEAnPc5aIgqINUB+EuWi0+CSqvVBI1r/:d7AEvgVOI4QPc6dIcRso8

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d148a355e035d52da1bb710e60f55fd.exe
    "C:\Users\Admin\AppData\Local\Temp\4d148a355e035d52da1bb710e60f55fd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:212
    • C:\Users\Admin\AppData\Local\Temp\is-LFVVF.tmp\4d148a355e035d52da1bb710e60f55fd.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-LFVVF.tmp\4d148a355e035d52da1bb710e60f55fd.tmp" /SL5="$601CE,2423269,153088,C:\Users\Admin\AppData\Local\Temp\4d148a355e035d52da1bb710e60f55fd.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:4916
      • C:\Users\Admin\AppData\Local\Temp\is-7QMTF.tmp\WMF.exe
        "C:\Users\Admin\AppData\Local\Temp\is-7QMTF.tmp\WMF.exe" /aid=151 /sub=22 /sid=80 /name="berserk.film.torrent_final.zip" /fid= /stats=eZ0r7/y5w0CIiPIZDZ4v/9DwDGe04OJ2TB8pcK03kJPgNcfTd9SDmzOSmrlbczzjao9bLeh1aI6WZc14/aQ0yA== /param=0
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:3968

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/212-0-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/212-2-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/212-39-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3968-37-0x0000000002470000-0x0000000002471000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3968-41-0x0000000000400000-0x0000000000801000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3968-45-0x0000000002470000-0x0000000002471000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4916-7-0x00000000022E0000-0x00000000022E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4916-40-0x0000000000400000-0x0000000000529000-memory.dmp

    Filesize

    1.2MB

    Download