Overview

overview

7

Static

static

3

66b47a8bd2...95.exe

windows7-x64

7

66b47a8bd2...95.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/01/2024, 04:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    66b47a8bd2c4839d2580873e2caf6795.exe

  • Size

    67KB

  • MD5

    66b47a8bd2c4839d2580873e2caf6795

  • SHA1

    6a63beb0eb29cdda5f4560c2b73b4a8c525526dd

  • SHA256

    5bd7dd767f2117874b60329f26a165c710ffa9792dcccb16c513efc47a35f790

  • SHA512

    d9563ac3c2c815b747f9e470d7df01d82ab89d09374983bbe14edd4f57e4b2dfc7231e7802b515e779f036e2efe0cb4239b1c7839561a392d279799f050b3f11

  • SSDEEP

    1536:mzfYml1LyVxmhZLi2worAXAKpu8gDY/hha9jqzo+zrGYrgPoeo0SL99ZJ1qq0Y:Ug89Uxcm2AQ7DY/hg9GUJKggeBqZJd

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\66b47a8bd2c4839d2580873e2caf6795.exe
    "C:\Users\Admin\AppData\Local\Temp\66b47a8bd2c4839d2580873e2caf6795.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3064
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Dtb..bat" > nul 2> nul
      2⤵
        PID:3240

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Dtb..bat
      Filesize

      210B

      MD5

      288f62424cf8c0c062c364f2d08efc1e

      SHA1

      d0d463c7e03418dfd832226c056cb6196a9657b0

      SHA256

      cab222451800316c1317527758cc3a8d50835534ba40447a69000f59b28d4645

      SHA512

      8922c920cae687381cd5ac93c5accf62178b05d6a2874c8cad4d7e14ac3cb634393954d5929fb07c13b831459004b29a3c3a1fea83d7d420001902bfc6d8ebb7

      Download Submit

    • memory/3064-0-0x0000000002020000-0x000000000203E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/3064-1-0x0000000000400000-0x000000000041F000-memory.dmp

      Filesize

      124KB

      Download

    • memory/3064-2-0x0000000002090000-0x00000000020AB000-memory.dmp

      Filesize

      108KB

      Download

    • memory/3064-3-0x0000000002090000-0x00000000020AB000-memory.dmp

      Filesize

      108KB

      Download

    • memory/3064-5-0x0000000000400000-0x000000000041F000-memory.dmp

      Filesize

      124KB

      Download