Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/01/2024, 21:58

General

  • Target

    51b97a98b2394e66650577477ce63156.exe

  • Size

    196KB

  • MD5

    51b97a98b2394e66650577477ce63156

  • SHA1

    aa3914c4e50f03ea29f6b72c5820515271a6f634

  • SHA256

    cb93ec8a8c66c0b6297ebdc2c237b29b109b3aefbe21656999ea74eff124b0be

  • SHA512

    a165b039fef9e207ebf17f16ecb6ebe22f1e7c2ac3bb662a3a47c3c47367e247df778712c404e983df10923b9a1ddcb13930546153a559c0de731ba61a8d709a

  • SSDEEP

    3072:Jg0vVnPybzV8Q3io0ce4LTI208YioBK9QRO8qeXQ:JrvVnPybzV8Oio0ctLTt08doLRO8qeg

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\51b97a98b2394e66650577477ce63156.exe
    "C:\Users\Admin\AppData\Local\Temp\51b97a98b2394e66650577477ce63156.exe"
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2140
    • C:\Users\Admin\sueed.exe
      "C:\Users\Admin\sueed.exe"
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:4592

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\sueed.exe

          Filesize

          196KB

          MD5

          dd6bc5ae9b6dd2a146596dec3904371c

          SHA1

          2fe491002d7332526f3c41b5c40535e5e6058923

          SHA256

          2a875b9a70e25dec71f75ecb8ce553dac5a9f7c502c3661d65f5d292d4c56f68

          SHA512

          d47b2310e19496685272dad772e01074cdf53d70824d5425f93d378401b0ce787f49ff48bb21533900830c054635ceb4001c7e64f4a64442e92569d14d6d242a