Overview

overview

7

Static

static

3

78a80ff7aa...ff.exe

windows7-x64

7

78a80ff7aa...ff.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-01-2024 23:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    78a80ff7aa6bab56c67670cbbd5832ff.exe

  • Size

    70KB

  • MD5

    78a80ff7aa6bab56c67670cbbd5832ff

  • SHA1

    c9547b8ed22ee2c2517f2625abe079ff9cd2a7f9

  • SHA256

    bb42af3329bab93eb3342d30969c099229db6105059b791d57dc7e60c392925f

  • SHA512

    3d43a72b4775b0187b5b7a14eeee57893b357d7647d774709ea412561c3ca75c1e84b3831d25edf059b7e654629a44ef7d367227a73e2d32f3a4ac980c9c4530

  • SSDEEP

    768:nPkV2JM7f3NolD+XxyDCcKRmxvAErSyZlv:nE1Z78QRmlDl

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\78a80ff7aa6bab56c67670cbbd5832ff.exe
    "C:\Users\Admin\AppData\Local\Temp\78a80ff7aa6bab56c67670cbbd5832ff.exe"
    1⤵
    • Checks computer location settings
    PID:1512

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc126.exe
    Filesize

    2KB

    MD5

    3ffa55409b6dd152c54c3f30b0e9fd85

    SHA1

    ec7f2d983d6c8238799e679bff910762dcb522db

    SHA256

    720f1337753e79c27130f38ccf97867a9a819e5df8380afda23603b9342b6fd7

    SHA512

    73c589e7c942785bc898423f5c6fa300a5602c101caafc033f531306fffc26d672475e6596025a62886118529698e0ed9dda22c3668db418aa9eb758d75344ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc82.exe
    Filesize

    8KB

    MD5

    ce15529394a1a13a0561ee8fc636fee1

    SHA1

    fa37ab577f513a75f78bc7059ed7b93fddeb3a79

    SHA256

    7784d81707cdc379d753ceaddd411bba72754475fddb7f04cd435d0df6f65be4

    SHA512

    dd47a88279945ee94397e68078961169474ef42374cb9e2aec30d853613ee11f1eb01acf381050260e52c02add23fd5b0ce78d00c93d8437284178e2641fcaca

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc82.exe
    Filesize

    2KB

    MD5

    41673fd1944bcce6621c5cabc0154df2

    SHA1

    8f204b68c2274e384c7035bb11c5d1c712c2fd4f

    SHA256

    b56616a538b4a98e4661331678c583eb0d5f8209baba16cbd15badf72b2b281b

    SHA512

    1ef689f559f5889d55407ff6db585d029dd9d660298ed2fa4b54c86b657eed4f0c276761fcc4230ef9467da8ac92a9aed3a8cf1cf548a1bd5d39dc0b5449fe76

    Download Submit

  • memory/1512-0-0x00000000005D0000-0x00000000005E7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1512-1-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1512-2-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1512-43-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1512-64-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download