Overview

overview

7

Static

static

3

78a80ff7aa...ff.exe

windows7-x64

7

78a80ff7aa...ff.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26-01-2024 23:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    78a80ff7aa6bab56c67670cbbd5832ff.exe

  • Size

    70KB

  • MD5

    78a80ff7aa6bab56c67670cbbd5832ff

  • SHA1

    c9547b8ed22ee2c2517f2625abe079ff9cd2a7f9

  • SHA256

    bb42af3329bab93eb3342d30969c099229db6105059b791d57dc7e60c392925f

  • SHA512

    3d43a72b4775b0187b5b7a14eeee57893b357d7647d774709ea412561c3ca75c1e84b3831d25edf059b7e654629a44ef7d367227a73e2d32f3a4ac980c9c4530

  • SSDEEP

    768:nPkV2JM7f3NolD+XxyDCcKRmxvAErSyZlv:nE1Z78QRmlDl

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\78a80ff7aa6bab56c67670cbbd5832ff.exe
    "C:\Users\Admin\AppData\Local\Temp\78a80ff7aa6bab56c67670cbbd5832ff.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of UnmapMainImage
    PID:2928

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc228.exe
    Filesize

    8KB

    MD5

    ce15529394a1a13a0561ee8fc636fee1

    SHA1

    fa37ab577f513a75f78bc7059ed7b93fddeb3a79

    SHA256

    7784d81707cdc379d753ceaddd411bba72754475fddb7f04cd435d0df6f65be4

    SHA512

    dd47a88279945ee94397e68078961169474ef42374cb9e2aec30d853613ee11f1eb01acf381050260e52c02add23fd5b0ce78d00c93d8437284178e2641fcaca

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc228.exe
    Filesize

    2KB

    MD5

    4f6b9ca9e7da65f22c7fb82e55726c25

    SHA1

    223645705b5310675551696798d92e3ceb727658

    SHA256

    90b8ef43d979a81836e66057eb583cbb57da0cd48cbf048b8b208aaed8066af2

    SHA512

    77b70336481dcce6fc9ec4df5aec9ed50269f542b8eb6e6c08d72e76b9eee0dc53c0cf7c7ffb836496cf74f9302b4013cfc01cadf71aecf4cd366b5f1edce324

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc28.exe
    Filesize

    2KB

    MD5

    aa6a2ea2b776fc9d8f8ee6c70d3bad3e

    SHA1

    5e798781b972a8bd6739ac0d768160975c38152c

    SHA256

    49ce98227bd8a86afad07a52143b9dbb16e22097cc7f3d332493da39133a34ff

    SHA512

    20d9caee870fa8e715d49d39f561ea6806fa5b19c3a6eea8216c50b10929ed7449eda78917dff892d0f82604d2e6dcf24809116a6a32fd87c6c36a3b2aafe9f6

    Download Submit

  • memory/2928-0-0x00000000001B0000-0x00000000001C7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2928-1-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2928-2-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2928-43-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2928-64-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2928-107-0x00000000001B0000-0x00000000001C7000-memory.dmp

    Filesize

    92KB

    Download