Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/01/2024, 19:47

General

  • Target

    755d36df2791624141aba122e61f68d1.exe

  • Size

    68KB

  • MD5

    755d36df2791624141aba122e61f68d1

  • SHA1

    f17d82763454de3e9223cfeb009c996932bdfafb

  • SHA256

    eafcbca25eda278dae14f6c7e50de16d65a89abe1e40a8ff2a3cb1d4d3b8a894

  • SHA512

    2ddb0a1d44e03bcdccdbead253db040fbaa4450282d79e280baf9945d872764240d712caf7c16a1377bcb495902f7463f45547c1b1c9dd6fa8ecc00c68bf54f6

  • SSDEEP

    768:zcPliTd+GoAAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:4PIx/oAAcqOK3qowgnt1d

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\755d36df2791624141aba122e61f68d1.exe
    "C:\Users\Admin\AppData\Local\Temp\755d36df2791624141aba122e61f68d1.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Users\Admin\Admin.exe
      "C:\Users\Admin\Admin.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3512

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\Admin.exe

          Filesize

          68KB

          MD5

          9ff8df49bfa9c55107f7e0be5b3e07bb

          SHA1

          db44c6f19b65efa13c87ee82462b0652ea81b5a9

          SHA256

          6b1341b874297f2353e639059d42574c00ec60aac98b8ac31c9a890af5a02845

          SHA512

          ebd00c334ee0847be131a0ebac40a8b871ac7c52498d5fee3747bf4d086a352350582170783ec650bb2dc45386284dc709520b8ba75d335ca8ede007ae6809de

        • memory/2384-0-0x0000000000400000-0x0000000000415000-memory.dmp

          Filesize

          84KB

        • memory/3512-33-0x0000000000400000-0x0000000000415000-memory.dmp

          Filesize

          84KB