Overview

overview

7

Static

static

3

6682bae4a5...be.exe

windows7-x64

7

6682bae4a5...be.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    105s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-01-2024 01:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6682bae4a5ebb9b21e092a0653e7b3be.exe

  • Size

    110KB

  • MD5

    6682bae4a5ebb9b21e092a0653e7b3be

  • SHA1

    07061a35070b1a841ff8a2f46310d983b45f8d55

  • SHA256

    4ddbdc34a18adb178274b6b4bbff7d01f1e980b30bf9e186a21b9fd27093d828

  • SHA512

    eb3dfe36bbe308b6131b4f6404c196dcd9cb1b050929a7c851539b6632ae52e9ffcbc36da1afd397298d0861ba5fd0eab9d354e7855f5cc9a05caddac5f1524d

  • SSDEEP

    1536:bmTdCCqS287V6LPEidmw8Yx7wV2Iy2e42Zukek3jPILTCaEViHoFIb:ypCCqS28K7+YGIx2X2Zu0jIEBFIb

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6682bae4a5ebb9b21e092a0653e7b3be.exe
    "C:\Users\Admin\AppData\Local\Temp\6682bae4a5ebb9b21e092a0653e7b3be.exe"
    1⤵
    • Checks computer location settings
    • Enumerates system info in registry
    • Suspicious use of WriteProcessMemory
    PID:3340
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Ecj..bat" > nul 2> nul
      2⤵
        PID:5112

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Ecj..bat
      Filesize

      210B

      MD5

      3d932f8726b88d2c1c2075232cbc432f

      SHA1

      92f160fb9dcd78f84c1f1d8089480671bec8fbc1

      SHA256

      cdf77e3c11b4914c10093026153a64c4e9d0e271304401450ce21b3c8dc736f7

      SHA512

      2e22441a92fff6f6b1484ad3a3a877f9765357123f470ea9568286550896ea8c36a88d1ed593d0c661b5405ee685ce386c82f23e1dc58b3f23b52e5f92e0c484

      Download Submit

    • memory/3340-0-0x0000000000400000-0x0000000000421000-memory.dmp

      Filesize

      132KB

      Download

    • memory/3340-1-0x00000000005E0000-0x00000000005E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3340-2-0x0000000000400000-0x0000000000421000-memory.dmp

      Filesize

      132KB

      Download

    • memory/3340-4-0x0000000002250000-0x0000000002251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3340-3-0x0000000002250000-0x0000000002251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3340-6-0x0000000000400000-0x0000000000421000-memory.dmp

      Filesize

      132KB

      Download