Overview

overview

8

Static

static

3

50f23541d4...fb.exe

windows7-x64

7

50f23541d4...fb.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/01/2024, 15:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    50f23541d4dbf1abe9a4f08aa44409fb.exe

  • Size

    3.4MB

  • MD5

    50f23541d4dbf1abe9a4f08aa44409fb

  • SHA1

    73fc4cf521af56fc63c6fea9f02d5fae2a930bc8

  • SHA256

    cd00a7e67d47f05e6bc2fe83217d1672685e75bc06d639698a01710899205919

  • SHA512

    c877108c344aefe695938b787f87e1d464a76e96b4358145dfb5bc522a7024dd56ebc7d9a9a5a1f8519f1a3753fd6b4492fcfbe40dbf7e4a3dbfe09a3e2f86ea

  • SSDEEP

    49152:vRUIaXCwmcg/7tSyWD5fE4luqaNaIXPPEf2OgiBVUrRZcjIWyt0xo:JUHXCwmcg/7tSFD5fE4luqacIU3vVSw

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\50f23541d4dbf1abe9a4f08aa44409fb.exe
    "C:\Users\Admin\AppData\Local\Temp\50f23541d4dbf1abe9a4f08aa44409fb.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3856
    • C:\Users\Admin\AppData\Local\Temp\50f23541d4dbf1abe9a4f08aa44409fb.exe
      "C:\Users\Admin\AppData\Local\Temp\50f23541d4dbf1abe9a4f08aa44409fb.exe"
      2⤵
      • Checks computer location settings
      • Drops startup file
      • Suspicious use of WriteProcessMemory
      PID:4332
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CIu87NAvz4.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CIu87NAvz4.exe" "C:\Users\Admin\AppData\Local\Temp\50f23541d4dbf1abe9a4f08aa44409fb.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:2388
        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CIu87NAvz4.exe
          "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CIu87NAvz4.exe" "C:\Users\Admin\AppData\Local\Temp\50f23541d4dbf1abe9a4f08aa44409fb.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2904
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\SysWOW64\cmd.exe"
            5⤵
            • Blocklisted process makes network request
            • Suspicious behavior: EnumeratesProcesses
            PID:3940

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CIu87NAvz4.exe
          Filesize

          405KB

          MD5

          487f258ad4487402141f36e6d77b33ee

          SHA1

          d8f9b5c8f51d4789b42dfc1359f6d03b70beef8f

          SHA256

          c50edf24e35fff77014b56057637d8f548b149585187340aab7fa9447d825810

          SHA512

          268615dcfa175e681e657e19689b9d6c67507d1f8c542eaebc656fcf1adcd0da5e477d47740694c33cd922d17642f9dc86ee02c9269c18bd144f5d2c8a2c4d82

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CIu87NAvz4.exe
          Filesize

          385KB

          MD5

          4a7e565f1b233721a49d9421de836c62

          SHA1

          5ef958994627b299e4de0348cc29a97ef23a66aa

          SHA256

          3610b16fa3ef1b6a2384f71b8f36ee9ffbcf903c254289d87de161cfe13470f2

          SHA512

          055507f9ecccbc352634ad6b31beb1613d31c20c2687ec47d4773614183bd9a4e285e38fdb28dcec2f259f2abc7641a00f9270930188de488d1e4e5d95970efa

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CIu87NAvz4.exe
          Filesize

          349KB

          MD5

          056397fab7f7bae1aa19e4765fbec88d

          SHA1

          ac73b387d90b259d738c71ba5f2cb67325de4b61

          SHA256

          7f404b37d7a1e0e70acbdadecaa2ab1679fd525fe8891514384d140560e41095

          SHA512

          fe4fc87468299561c7277433c6f377b586f43a0a28b69679501ceeaaa00fde9b0dc01f702c3fbecb9f83f37895d4dd94bc03dd30cb575926f50c0472cf8c5874

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CIu87NAvz4.exe
          Filesize

          384KB

          MD5

          9f465a8ed1a57e7c142296131837148c

          SHA1

          6348117450d160f280b14a79aab963ed4127ab41

          SHA256

          abf27944805b6b4678fae2d5c5328f58b469874b914bfde839e2bb547d8ea96a

          SHA512

          767a9bba08950c1a38ef2ecc969ab28c8836c0920baf2184067ff974f48517465228b64e7f4cedf5d2525a5d1f1469ca251d56992d19f3510170eecfb8cd1a89

          Download Submit

        • memory/2388-12-0x0000000000400000-0x00000000007FE000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/2388-27-0x0000000000400000-0x00000000007FE000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/2904-21-0x00000000776D2000-0x00000000776D3000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2904-18-0x00000000776D2000-0x00000000776D3000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2904-15-0x0000000000400000-0x00000000007FE000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/2904-19-0x00000000001F0000-0x00000000001F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2904-24-0x0000000000AD0000-0x0000000000B6E000-memory.dmp

          Filesize

          632KB

          Download

        • memory/2904-23-0x0000000000400000-0x00000000007FE000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/2904-17-0x0000000000AD0000-0x0000000000B6E000-memory.dmp

          Filesize

          632KB

          Download

        • memory/2904-20-0x00000000776D2000-0x00000000776D3000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3856-16-0x0000000000400000-0x00000000007FE000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/3856-0-0x0000000000400000-0x00000000007FE000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/3940-36-0x0000000005520000-0x000000000559E000-memory.dmp

          Filesize

          504KB

          Download

        • memory/3940-37-0x00000000057C0000-0x00000000058AA000-memory.dmp

          Filesize

          936KB

          Download

        • memory/3940-49-0x00000000091A0000-0x0000000009534000-memory.dmp

          Filesize

          3.6MB

          Download

        • memory/3940-22-0x0000000001EA0000-0x0000000001F39000-memory.dmp

          Filesize

          612KB

          Download

        • memory/3940-48-0x00000000058B0000-0x0000000005957000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3940-46-0x0000000005600000-0x00000000056BD000-memory.dmp

          Filesize

          756KB

          Download

        • memory/3940-47-0x00000000097D0000-0x00000000099DB000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3940-29-0x0000000001D90000-0x0000000001D91000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3940-31-0x00000000776D2000-0x00000000776D3000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3940-33-0x0000000002240000-0x00000000022DE000-memory.dmp

          Filesize

          632KB

          Download

        • memory/3940-32-0x0000000002240000-0x00000000022DE000-memory.dmp

          Filesize

          632KB

          Download

        • memory/3940-30-0x00000000776D2000-0x00000000776D3000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3940-28-0x00000000776D2000-0x00000000776D3000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3940-35-0x00000000052A0000-0x00000000052C1000-memory.dmp

          Filesize

          132KB

          Download

        • memory/3940-25-0x0000000001EA0000-0x0000000001F39000-memory.dmp

          Filesize

          612KB

          Download

        • memory/3940-40-0x00000000097D0000-0x00000000099DB000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3940-41-0x00000000058B0000-0x0000000005957000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3940-39-0x0000000002240000-0x00000000022DE000-memory.dmp

          Filesize

          632KB

          Download

        • memory/3940-38-0x0000000005600000-0x00000000056BD000-memory.dmp

          Filesize

          756KB

          Download

        • memory/3940-42-0x00000000091A0000-0x0000000009534000-memory.dmp

          Filesize

          3.6MB

          Download

        • memory/3940-26-0x0000000002240000-0x00000000022DE000-memory.dmp

          Filesize

          632KB

          Download

        • memory/3940-34-0x00000000054D0000-0x0000000005519000-memory.dmp

          Filesize

          292KB

          Download

        • memory/3940-44-0x0000000002240000-0x00000000022DE000-memory.dmp

          Filesize

          632KB

          Download

        • memory/3940-43-0x0000000001EA0000-0x0000000001F39000-memory.dmp

          Filesize

          612KB

          Download

        • memory/3940-45-0x0000000001D90000-0x0000000001D91000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4332-1-0x0000000000400000-0x00000000007FE000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/4332-2-0x0000000000A60000-0x0000000000AFE000-memory.dmp

          Filesize

          632KB

          Download

        • memory/4332-14-0x0000000000A60000-0x0000000000AFE000-memory.dmp

          Filesize

          632KB

          Download

        • memory/4332-11-0x0000000000400000-0x00000000007FE000-memory.dmp

          Filesize

          4.0MB

          Download