Overview

overview

7

Static

static

3

7781c11458...0e.exe

windows7-x64

7

7781c11458...0e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-01-2024 13:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7781c1145869cdf87cf61d671247e80e.exe

  • Size

    379KB

  • MD5

    7781c1145869cdf87cf61d671247e80e

  • SHA1

    e2f76f546d3e4ff3e748fb6d4b1b3d2890c3b1da

  • SHA256

    8ade36ca05b733841f178b46dabeefcd3cadb0d91ce83e0e313b68376c75189c

  • SHA512

    6d1767dc3ef0751f7a1d4c4b43d621a48a06124780e57393e5a5a8039d66a90468e8ba09a44210d02e63ab06c0bb367755f43220c9c265f2a3c5bf1ad9cdf776

  • SSDEEP

    6144:Lu2urzh9xu/XkauJza8em0Xs0anV3Ve1h3yU1OIGtNAkoIaNOBG29J8YLj4UdC/P:Lutrzh9xOXkFa8em0X0V3U1hx1OIGtNQ

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7781c1145869cdf87cf61d671247e80e.exe
    "C:\Users\Admin\AppData\Local\Temp\7781c1145869cdf87cf61d671247e80e.exe"
    1⤵
    • Checks computer location settings
    • Drops startup file
    • Suspicious use of WriteProcessMemory
    PID:1424
    • C:\Users\Admin\Start Menu\Programs\Startup\taskmgr.exe
      "C:\Users\Admin\Start Menu\Programs\Startup\taskmgr.exe"
      2⤵
      • Executes dropped EXE
      PID:1628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.exe
    Filesize

    806KB

    MD5

    47cfdf331a80b2028a1b8aca61bd191b

    SHA1

    d10bd40a735c6efbfa4fbfa6c842b4db5dba9445

    SHA256

    c1a6cb5e7d001839c2ce9d368aacf34767867bce2309f9d28de95c7985a6cd1d

    SHA512

    9ece7f127ddc29285214e7386951335719242a35001bc54c80aceb07c60f185b1eb6dce74a3b05760aec540888b529e73388f0d8ee26d4a41e3b54588e351a0d

    Download Submit

  • memory/1628-12-0x0000000000400000-0x000000000049B000-memory.dmp

    Filesize

    620KB

    Download

  • memory/1628-13-0x0000000000400000-0x000000000049B000-memory.dmp

    Filesize

    620KB

    Download

  • memory/1628-14-0x0000000000400000-0x000000000049B000-memory.dmp

    Filesize

    620KB

    Download

  • memory/1628-15-0x0000000000400000-0x000000000049B000-memory.dmp

    Filesize

    620KB

    Download

  • memory/1628-16-0x0000000000400000-0x000000000049B000-memory.dmp

    Filesize

    620KB

    Download

  • memory/1628-17-0x0000000000400000-0x000000000049B000-memory.dmp

    Filesize

    620KB

    Download

  • memory/1628-18-0x0000000000400000-0x000000000049B000-memory.dmp

    Filesize

    620KB

    Download

  • memory/1628-19-0x0000000000400000-0x000000000049B000-memory.dmp

    Filesize

    620KB

    Download

  • memory/1628-20-0x0000000000400000-0x000000000049B000-memory.dmp

    Filesize

    620KB

    Download

  • memory/1628-21-0x0000000000400000-0x000000000049B000-memory.dmp

    Filesize

    620KB

    Download

  • memory/1628-22-0x0000000000400000-0x000000000049B000-memory.dmp

    Filesize

    620KB

    Download

  • memory/1628-23-0x0000000000400000-0x000000000049B000-memory.dmp

    Filesize

    620KB

    Download

  • memory/1628-24-0x0000000000400000-0x000000000049B000-memory.dmp

    Filesize

    620KB

    Download

  • memory/1628-25-0x0000000000400000-0x000000000049B000-memory.dmp

    Filesize

    620KB

    Download

  • memory/1628-26-0x0000000000400000-0x000000000049B000-memory.dmp

    Filesize

    620KB

    Download