Overview

overview

7

Static

static

3

65f6036f54...13.exe

windows7-x64

7

65f6036f54...13.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/01/2024, 20:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    65f6036f540d6582f4ca07c957860213.exe

  • Size

    27KB

  • MD5

    65f6036f540d6582f4ca07c957860213

  • SHA1

    ac1346ef3401c03a6e14196759fdd68ec57f6e22

  • SHA256

    85222d65c157fd116db3d26f386d18f8e198a0550198fdbd921bdf5a79f3d452

  • SHA512

    f9bf150a6c3ed361d15abcbd99e41e72346db1b2bb11a3f555c1ed65a0a2d7600765988af292ae36dba3a743b275b8869a0f8efa5788854e3c7458463e82c79c

  • SSDEEP

    384:IC5azxFqgqja4u5oNh2iGDSd+BniLjlkh/GNz03+vlV4EuOdKlhLnlgM11jlZtO7:IiazxujwSd+BnitQGelznOp6yH

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\65f6036f540d6582f4ca07c957860213.exe
    "C:\Users\Admin\AppData\Local\Temp\65f6036f540d6582f4ca07c957860213.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2472
    • C:\Users\Admin\AppData\Local\Temp\94e3aae9-7065-49e2-a4cf-e44960c44472.exe
      "C:\Users\Admin\AppData\Local\Temp\94e3aae9-7065-49e2-a4cf-e44960c44472.exe"
      2⤵
      • Executes dropped EXE
      PID:956

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\94e3aae9-7065-49e2-a4cf-e44960c44472.exe
          Filesize

          4KB

          MD5

          f80fa38d37eb2d1d1d3aec66003b5780

          SHA1

          fd5e87fe12df96def7ec3823744c063ecbcf653d

          SHA256

          eec418db69eab627d827a3d1b416ab5960af88ccde836a139f9c9c11d5556f55

          SHA512

          3c1b9cf19759e80427cd81c53558f031ec0f404fdedf984f7a6635fadb64451a7a59ae4de16a41e4f508541c15e2a7dffcd65eb09cbc3eec442783e5d5a955d9

          Download Submit

        • memory/956-14-0x0000000000BD0000-0x0000000000BD8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/956-17-0x0000000074C20000-0x00000000753D0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/956-15-0x0000000074C20000-0x00000000753D0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/2472-0-0x00000000000F0000-0x00000000000FC000-memory.dmp

          Filesize

          48KB

          Download

        • memory/2472-2-0x00007FFBCA4F0000-0x00007FFBCAFB1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2472-13-0x0000000002280000-0x0000000002290000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2472-18-0x00007FFBCA4F0000-0x00007FFBCAFB1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2472-19-0x0000000002280000-0x0000000002290000-memory.dmp

          Filesize

          64KB

          Download