Overview

overview

7

Static

static

3

636f294d5f...48.exe

windows7-x64

7

636f294d5f...48.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/01/2024, 19:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    636f294d5ff859326e43da9061e30148.exe

  • Size

    96KB

  • MD5

    636f294d5ff859326e43da9061e30148

  • SHA1

    baef291cc4d6b366aaba17d812ec5c7ca3f9c9c9

  • SHA256

    a5591f98da28c005d52c186f92f5bfa0560e3a46a8fb6e1379499c549153207e

  • SHA512

    28f9c60fa84d66794f1c6622ac0cf313c20fafb355cbcc293c07a7053e1c57070c01008244f9637441c40d05ea2944630ce7db6611d4cc8586fa72b754fdbb88

  • SSDEEP

    1536:ERSnTZfr0od8rUhy3edOjL/iJBR4MfpheJVxvcHOG7FIy:PD0oZhy1CJBR4MfXeJVxvcHOG7FIy

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\636f294d5ff859326e43da9061e30148.exe
    "C:\Users\Admin\AppData\Local\Temp\636f294d5ff859326e43da9061e30148.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4800
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Yqj..bat" > nul 2> nul
      2⤵
        PID:1020

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Yqj..bat
      Filesize

      210B

      MD5

      f0b5131d2874035f772b69d324c8e0eb

      SHA1

      ffff43f5547b069f71c15299ea7187e577f767cf

      SHA256

      0d822d68d3ae08f351774170e4d2bd322797949ce932f6bb801538a5575e8ebf

      SHA512

      48bc758123e4157a1f7f1a18ecf1a83d3095f807eaa66dedd79aa38fc9910b217af80c23e99b3407085546f27021cf7656e02beb7394d4fd76856dd07ab0cd6c

      Download Submit

    • memory/4800-0-0x0000000000400000-0x000000000041D000-memory.dmp

      Filesize

      116KB

      Download

    • memory/4800-1-0x0000000000590000-0x0000000000591000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4800-2-0x0000000000400000-0x000000000041D000-memory.dmp

      Filesize

      116KB

      Download

    • memory/4800-3-0x0000000002300000-0x000000000231B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/4800-4-0x0000000002300000-0x000000000231B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/4800-6-0x0000000000400000-0x000000000041D000-memory.dmp

      Filesize

      116KB

      Download