Overview

overview

10

Static

static

3

5add7df8ec...80.exe

windows7-x64

10

5add7df8ec...80.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/01/2024, 09:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5add7df8ecb1ed8c93cf5ad24f032f80.exe

  • Size

    55KB

  • MD5

    5add7df8ecb1ed8c93cf5ad24f032f80

  • SHA1

    c7b6ed448a8fdf22e7d4dc35e5cca9b221fae5e9

  • SHA256

    9f291fc0fc47f206e76fdf8e121f39c94d4805b0607e2677195eae43024bbb94

  • SHA512

    02c557d28ff4686cefa34fc076abf28a68486d0eded98e921a1cc74f112adee4e7296218e4a31cbadb03b98c603f37d2581e2151e8f4831abb9800b9b066f29b

  • SSDEEP

    1536:V3cpyORJLuB4P4AJJv4Romu/k58C28ho3:V3c1fP4AJJv45j8C2mo3

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Drops desktop.ini file(s) 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\5add7df8ecb1ed8c93cf5ad24f032f80.exe
    "C:\Users\Admin\AppData\Local\Temp\5add7df8ecb1ed8c93cf5ad24f032f80.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Checks computer location settings
    • Loads dropped DLL
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4044
    • C:\Windows\SysWOW64\attrib.exe
      "C:\Windows\System32\attrib.exe" "C:\Program Files (x86)\Microsoft\ie1\Internat Explorer" +s
      2⤵
      • Drops file in Program Files directory
      • Views/modifies file attributes
      PID:948
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp.bat" "
      2⤵
        PID:5080

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsc4C2E.tmp\System.dll
      Filesize

      11KB

      MD5

      00a0194c20ee912257df53bfe258ee4a

      SHA1

      d7b4e319bc5119024690dc8230b9cc919b1b86b2

      SHA256

      dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

      SHA512

      3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\tmp.bat
      Filesize

      186B

      MD5

      0c9e37b737dd6fe62277052ffe1b8a8e

      SHA1

      ad802963eb42631d8435940aa8b06ad3d8b663d0

      SHA256

      1a426630c9bde25de986a393fe2ae3c1f84a7d0317c0e7ee7e288a5def3f47b0

      SHA512

      77c762111d25f92e47d62a15a321df4591784e3534c77fc2b6406e2c954b10eca0ae6fa4712788b2546f8ca34500bad914369dc2eafeac2625daad6b8fd8dec6

      Download Submit