Overview

overview

7

Static

static

3

b8e33469d3...c8.exe

windows7-x64

7

b8e33469d3...c8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-01-2024 03:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b8e33469d3321e05b4952bd5ba2d68c8.exe

  • Size

    30KB

  • MD5

    b8e33469d3321e05b4952bd5ba2d68c8

  • SHA1

    79010855d9696fa24409649d016010ff8a507bdf

  • SHA256

    cf7120a8ab25f9d69e936cb8968fefcb9e4a4717d2bf7e63a3884f3d0da7682f

  • SHA512

    23bc6e7dea3363a14d2d8679d3a4965bb78ea5f0cb0a4fbf324d36c98e07293d4ecd9bc3600c719228b83282b7f651b885433ff6f5d1bd752b4e5024762f1cd8

  • SSDEEP

    768:q0ZziOWwULueOSdE8tOOtEvwDpjeWaJIOc+4tH1:q0zizzOSxMOtEvwDpj/arqV

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8e33469d3321e05b4952bd5ba2d68c8.exe
    "C:\Users\Admin\AppData\Local\Temp\b8e33469d3321e05b4952bd5ba2d68c8.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:3504

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    30KB

    MD5

    ace3dfc2e2684d4355671add88ff7e98

    SHA1

    85312ebabd3f5d2c10f757e14c1ce484a53c94e7

    SHA256

    a4162443b3e6c3382ce2f83fc2bd6f92cb88f40ff0d8f67f78a74d8ba7a1d7cc

    SHA512

    7f463a711c70104ff180d3dae632edc4d5bbae7560f23a88eb6ba2c44da9c0f8c3b09590865aaa749bd4efe0deed6d53804f5234b2e18cdc1400a078ae3237be

    Download Submit

  • memory/3020-0-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3020-1-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3020-3-0x00000000006C0000-0x00000000006C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3020-2-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3020-17-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3504-25-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3504-19-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3504-26-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download