Overview

overview

7

Static

static

3

76acbdbc18...b2.exe

windows7-x64

7

76acbdbc18...b2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/01/2024, 06:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    76acbdbc185a25292d8143b2318f5fb2.exe

  • Size

    293KB

  • MD5

    76acbdbc185a25292d8143b2318f5fb2

  • SHA1

    570a1001603563087c5e181c12f94c56de1804f9

  • SHA256

    acb9f1deb90e1fcfa327f3b6df5ab0e282cb996b3e88fb4d62acfb52e478f914

  • SHA512

    a53be5eee4b1b46f998fb6ea24b6e9ea528b558dc92b88c7deeb551a5833e5f7d963a322b9dd6bf5a34537584887fe1cf2eadbf4c7b030b9cede679fb825d49a

  • SSDEEP

    6144:mu2urzh9xu/Xkau/8VM5MKxbTeaLoWVG8JCXUhmYiT6b2JK8jb+:mutrzh9xOXkUVMGtU8YUon8v+

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\76acbdbc185a25292d8143b2318f5fb2.exe
    "C:\Users\Admin\AppData\Local\Temp\76acbdbc185a25292d8143b2318f5fb2.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3812
    • C:\Users\Admin\AppData\Local\Temp\fi500.exe
      "C:\Users\Admin\AppData\Local\Temp\fi500.exe"
      2⤵
      • Executes dropped EXE
      PID:3340

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\fi500.exe
          Filesize

          492KB

          MD5

          fde6ceb49a85eb351adc717f4583a534

          SHA1

          7ec576adfb830bdb4acf9f699856c1d5dfa9201d

          SHA256

          899f427b8a2e9a4d1e2b502c494c16a2f5281b8974a9fe3707cdcf43c020c30d

          SHA512

          b6d81a74ada77881b582f466d423a2ec977f97366fef4433784962f38f568ca274f059055b073dc5ff136d756ca596654009e76d83d57f6fd2374ce78d96f64d

          Download Submit

        • C:\more.txt
          Filesize

          2B

          MD5

          81051bcc2cf1bedf378224b0a93e2877

          SHA1

          ba8ab5a0280b953aa97435ff8946cbcbb2755a27

          SHA256

          7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

          SHA512

          1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

          Download Submit

        • memory/3340-9-0x0000000000DA0000-0x0000000000DA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3340-18-0x0000000001200000-0x0000000001281000-memory.dmp

          Filesize

          516KB

          Download