Overview

overview

7

Static

static

3

508d653e1d...46.exe

windows7-x64

7

508d653e1d...46.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/01/2024, 12:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    508d653e1dc1e953dacc1796da64fc46.exe

  • Size

    575KB

  • MD5

    508d653e1dc1e953dacc1796da64fc46

  • SHA1

    ad79da6da3e640ae041c23ef236f541d393a6974

  • SHA256

    a6a5fed28624a737160b463cd57e4423316239f8c89a33a4e1164a27ef2e5b21

  • SHA512

    1fd7d4e9681038376805fea399dcc8bdf48fe04cc0a8a0606f1af7145241a1d4a9baddd37a265a6a12a8763a0e60f580a3d5d9604a4201e859cd2c8dd282b6c9

  • SSDEEP

    12288:gkxIwYQWP5DKwpoAH2q0hVM9cdQ5H/W4oqI:jx2VKw+AH2q0hVM9BfWuI

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\508d653e1dc1e953dacc1796da64fc46.exe
    "C:\Users\Admin\AppData\Local\Temp\508d653e1dc1e953dacc1796da64fc46.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4592
    • C:\exp\sjopuhc.exe
      "C:\exp\sjopuhc.exe"
      2⤵
      • Executes dropped EXE
      PID:2172

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\exp\jtumr.exe
    Filesize

    8KB

    MD5

    144ddb8e24c2b5515d0e8702c7cf90bd

    SHA1

    8177e6529c232ac487c61db451d593a419c7cd62

    SHA256

    116be2a2db5e2efbaa4930121d0e47f59df187935ca6578cf141d6def473dfa3

    SHA512

    3c91053d0c086d5df01d4f15a034cd3fed5eb7a44668d8d9af1bfd74a380b5e5f4a7824c08b8f61f853405062e92bef57faaa401c357903d8f49f9b4d75707b2

    Download Submit

  • C:\exp\sjopuhc.exe
    Filesize

    544KB

    MD5

    7019fae284a1537b6d072e622949ce15

    SHA1

    f1bbcff812b9c43bb481ae85986025a6d39da13a

    SHA256

    4fb050b7664ceae39c48f2ef3ac0deb853ef0016b84195f66b0d5371dde6a839

    SHA512

    2021d76673a8b438e898105e5648f89629bc9fc854f6cfe7579590b4ea0c0ff417467476f6ed4bfd48c7f24dc7f86330082b96e77b3c702e8e19fd2329ae736f

    Download Submit

  • C:\exp\sjopuhc.exe
    Filesize

    166KB

    MD5

    7f7822d9e75eea269d1d364f776ed53b

    SHA1

    ca94b310b1af39a98e72513c5ff0f691e9f03d6b

    SHA256

    5f3d972120af7b171c2971607f28b022590153396ed548e7d30fc4c41a854ec6

    SHA512

    3177c641b68e2a78ead788910de53cb360959271812fb660511aed187aa7beb422f7ce63b49b348ab2178dc8432fd0c81ebb797eaf2f38b1ceb9e17ae0d3e93f

    Download Submit

  • memory/2172-16-0x0000000000400000-0x0000000000483000-memory.dmp

    Filesize

    524KB

    Download