Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/02/2024, 22:18

General

  • Target

    87ce6acb8c10ab94532213a9ecaa73b8.exe

  • Size

    181KB

  • MD5

    87ce6acb8c10ab94532213a9ecaa73b8

  • SHA1

    29e88ebd0194eef9726bb029a0c19f100f2b65d3

  • SHA256

    d3a3fdc18d9ef5556faa90e1b6a294375e38babb76eae901a2d2aef9bb0bac93

  • SHA512

    0a1c6eab0f71c238dd9942b0cc2bb6c93aa8c7acb08a7e544aea6188e829e5269cd0bb889a303d1dfe0d0c36bcbd5b4c87f0cc07cc473bcac70ad3d594cbd9e9

  • SSDEEP

    3072:/WoSuOuJROh8UJ+1DETPskqS7tUULOWKLcDIsuLtmh0x/E:/WogYUJ+1qsToOWKLcXuhhE

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE (4 IoCs)
  • Drops file in Program Files directory (1 IoC)
  • Drops file in Windows directory (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (9 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\87ce6acb8c10ab94532213a9ecaa73b8.exe
    "C:\Users\Admin\AppData\Local\Temp\87ce6acb8c10ab94532213a9ecaa73b8.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:4616
    • C:\Program Files (x86)\Common Files\launcher.exe
      "C:\Program Files (x86)\Common Files\launcher.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:4708
      • C:\Windows\help\svchost.exe
        "C:\Windows\help\svchost.exe" install
        3⤵
        • Executes dropped EXE
        PID:380
      • C:\Users\Admin\AppData\Roaming\svchost.exe
        "C:\Users\Admin\AppData\Roaming\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:3244
  • C:\Windows\help\svchost.exe
    C:\Windows\help\svchost.exe kernel
    1⤵
    • Executes dropped EXE
    • Suspicious behavior: EnumeratesProcesses
    PID:5036

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Common Files\launcher.exe

    Filesize

    134KB

    MD5

    d01cb27bf3acd20412962c2bfbc982cd

    SHA1

    7dcef2a78e8bec1b63cba8b890e73cbf9127d2f0

    SHA256

    accd6b008ad614e9d84db94b9953a947fc6ea64c4348dfffea575eb146844e22

    SHA512

    c2e2005b3fc45ec97aa1038513705c16cbab51f674fa5e869d86bc40243a90129dd16a85b658f087540e9d2cb74bc4b5d1885b168c6952a50dbb30abe7d740e6

  • C:\Windows\Help\svchost.exe

    Filesize

    83KB

    MD5

    343c54b7e33f5d91d2ccf9a5083a68e1

    SHA1

    6c75cf50d7e2dfd31774ac4925c95545357efbbb

    SHA256

    19c505af7dec8fcf6aaf29fef663a8f0de858ffa7cc404125a7d59a728ffc071

    SHA512

    8d342e38562b4ccd72d6faae73795aac6f4d5ee4be27ebcb087c13be5555414efabebb5b5749d5c97b65aa0b17dadce99c390acc7766013f05bd0e9f5afbd220

  • memory/380-63-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

  • memory/3244-73-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

  • memory/4616-3-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

  • memory/4708-71-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

  • memory/5036-72-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB