Overview

overview

7

Static

static

3

68045b7877...fd.exe

windows7-x64

7

68045b7877...fd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/01/2024, 15:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    68045b7877a9b9a04086754c61af21fd.exe

  • Size

    16KB

  • MD5

    68045b7877a9b9a04086754c61af21fd

  • SHA1

    85b1fc6ed2e3c44976548cd73f1033e0466057c4

  • SHA256

    652a52e60e4dc10525ed86389b8fe17d13de9067ee395dac345356361839935e

  • SHA512

    3650fd8b77b265fbb4c16cd3b38bdf5e9ac6fecfc800b2b974c08c5ca3df47fd3d9e8829823ffd2441869cc16d38c1b15eb3f4bbcb01698ed27b2bdb7f063394

  • SSDEEP

    192:1T20Zfmm/pEgyHwLNrAwVPn+mzFdcILhE/MQY7P3rGA6zqhVHBRSY:1GCa8pP+yHHLhE0N3aA6zqhfp

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\68045b7877a9b9a04086754c61af21fd.exe
    "C:\Users\Admin\AppData\Local\Temp\68045b7877a9b9a04086754c61af21fd.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2476
    • C:\Users\Admin\AppData\Local\Temp\antigen.exe
      "C:\Users\Admin\AppData\Local\Temp\antigen.exe"
      2⤵
      • Executes dropped EXE
      PID:3552
    • C:\Windows\sysmail.exe
      "C:\Windows\sysmail.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of SetWindowsHookEx
      PID:4436

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\antigen.exe
    Filesize

    3KB

    MD5

    8aa82f1cf2be17479bb20a77cef6d749

    SHA1

    fcba93f838108eb257a1e4c90de2b904f9be9062

    SHA256

    df3a8fe44621252fa75caf8b7d2e3fd341d51a27fdf2969779ecdf70e13a1338

    SHA512

    72ea22c414f45d476261db516d4d1caa77d26fd011554e15fd13d8fb501b6d65e60c6ba003d69f1ca8214b7ec5c41599bc4b8ca7e77e34be3433fefa9c8be68d

    Download Submit

  • C:\Windows\sysmail.exe
    Filesize

    13KB

    MD5

    8234539bae3357cb503f92d9e3603da9

    SHA1

    62c108c1a21fdc0e75d609eeffe7da7b3e2e54aa

    SHA256

    3ee00a08b2fd684d33b4047542b1898fd03ea74a53441d7b6e7b6cc074495622

    SHA512

    222713b07f4712373e90ac1cf7ccb95b302e00ad737f85c7378262c907a81a3c4379695150752e3b05d53e1d14906f3eba04313d171a3918a2f98eb16c5c421f

    Download Submit

  • memory/2476-0-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2476-19-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4436-18-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4436-20-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4436-22-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4436-24-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4436-26-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4436-28-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4436-30-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4436-32-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download