Overview

overview

7

Static

static

3

535ded1ac6...09.exe

windows7-x64

7

535ded1ac6...09.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/01/2024, 11:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    535ded1ac6be8b4229c473b7dd2fd409.exe

  • Size

    2.5MB

  • MD5

    535ded1ac6be8b4229c473b7dd2fd409

  • SHA1

    9aca7d3f67d5689770a929e3acdf5d83984535bd

  • SHA256

    e90f2446257fe800d9717bba35490895588d861bbd6aff6c69919a1dd201253b

  • SHA512

    3dc79a18d806d9b4e7985caaf1013110a37a9b78ad98332455345aa359b6ca5172d7fa1aa591f9c9cdd9e75f84e3bd0db7df6add43fb6e13bb976702c9fc0cf0

  • SSDEEP

    49152:oky796EvMtTx435MtV+Oj29Ls3t/cwCxHHlc2KP1z8o/MO2Uqed3yBI1r6:o7AEvgVOy29Ls3JslVYzjMO26i1

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\535ded1ac6be8b4229c473b7dd2fd409.exe
    "C:\Users\Admin\AppData\Local\Temp\535ded1ac6be8b4229c473b7dd2fd409.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3436
    • C:\Users\Admin\AppData\Local\Temp\is-9OMQ5.tmp\535ded1ac6be8b4229c473b7dd2fd409.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-9OMQ5.tmp\535ded1ac6be8b4229c473b7dd2fd409.tmp" /SL5="$80062,2280122,153088,C:\Users\Admin\AppData\Local\Temp\535ded1ac6be8b4229c473b7dd2fd409.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:924
      • C:\Users\Admin\AppData\Local\Temp\is-UDV4U.tmp\WMF.exe
        "C:\Users\Admin\AppData\Local\Temp\is-UDV4U.tmp\WMF.exe" /aid=0 /sub=0 /sid=42 /name="8.rar" /fid= /stats=uhXahdQwjgz0bIbFCS1YJKKBJsZ82zBqiwgVpPkbhdKvtnAToRwReyXmsM6LREsoVbTWb+9INw3LdT9Ouchy/w== /param=0
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:4984

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-9OMQ5.tmp\535ded1ac6be8b4229c473b7dd2fd409.tmp
          Filesize

          1.1MB

          MD5

          8811a0652c18dbcf68955f99df537eb8

          SHA1

          70cff6c43c0f873295dc085018639dff02f33012

          SHA256

          d69f51e65e3944891ec9c392b3d7410d81f8f93e55b9071584bfd1d384862230

          SHA512

          ed2ff6cfe272a8ae260233a1bb653adc0eaae13388418a9dea692b9924999d89b8677b8669fa24dcb0c606cfca7045bef779e1c58547f3f17d5096cbbe31d60a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\is-UDV4U.tmp\WMF.exe
          Filesize

          3.3MB

          MD5

          665ecaa9b05b183eceb5fa566240b673

          SHA1

          8b115b8053905c20c14fe079695341345d2438a1

          SHA256

          7da8e667bed83fe17f75f2836230e59e7d7c52ec9e45269f6c7a738446823932

          SHA512

          56abfe393d84c244396be52843fbf31cbe10934674f60f8fe5a1ded4944f26aafd56b19f1be02e4de2dc2ee4e7e51d436351a86519f11a399ac483eb34e5c072

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\is-UDV4U.tmp\WMF.exe
          Filesize

          2.4MB

          MD5

          eb0195a1d0280ee35d245ce3c80fd358

          SHA1

          a07728877465dbc06f08a12717b921d17556a881

          SHA256

          4c033e85dc3aa0eef58bc147e4fcf41fdf7dc67632b096892ac21d54944ba6e1

          SHA512

          7690298c6932d1520e98be8dd4790b141558d7b4b435bbff0d070da53d52e60c7522bbcb2f8eac01cf980817f140b8363bcb0195a772a213d1ab46ea7b2669a3

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\is-UDV4U.tmp\WMF.exe
          Filesize

          2.3MB

          MD5

          25f347ca7ea12d179e34aa732c53a6ba

          SHA1

          b2326b65c117f96d2442f5f672812b02c7e8d370

          SHA256

          145cd7c1aec9b0741d55fcdd36da66be081015f71c94f478b312d55e09e2e13a

          SHA512

          e393c1e1409f7a952cdabbcd57382c84299fb41489c3be4a60eb93b4a4a38237ba984c16ee635af0e430024ad126d6d09ac7a96383a632e3327643275ffc37da

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\is-UDV4U.tmp\default.xml
          Filesize

          2KB

          MD5

          4c219b78a305d3e52c811542154bb224

          SHA1

          7efe3e383b29c808cfb3ad0fd90d627ea7b2b2bf

          SHA256

          a0dbdc08f771e32a5ef06f47b436afb270e860578971a974db0c34c0c1366a7c

          SHA512

          bced9584568b011c0b2013e48d6b9503f77b01c57e2049722326a40363ce42c533e590c4583cf0cf3a5391f3208db8135b5afdc27ae7359af3ded66b11e628b8

          Download Submit

        • memory/924-7-0x00000000022F0000-0x00000000022F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/924-37-0x0000000000400000-0x0000000000529000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/924-42-0x00000000022F0000-0x00000000022F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3436-0-0x0000000000400000-0x0000000000430000-memory.dmp

          Filesize

          192KB

          Download

        • memory/3436-2-0x0000000000400000-0x0000000000430000-memory.dmp

          Filesize

          192KB

          Download

        • memory/3436-36-0x0000000000400000-0x0000000000430000-memory.dmp

          Filesize

          192KB

          Download

        • memory/4984-34-0x0000000002580000-0x0000000002581000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4984-38-0x0000000000400000-0x00000000007E2000-memory.dmp

          Filesize

          3.9MB

          Download

        • memory/4984-43-0x0000000002580000-0x0000000002581000-memory.dmp

          Filesize

          4KB

          Download