Analysis

  • max time kernel
    145s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/02/2024, 02:51

General

  • Target

    85bc2e8133ed78631bab10a4af9468bb.exe

  • Size

    11KB

  • MD5

    85bc2e8133ed78631bab10a4af9468bb

  • SHA1

    1c409c5ec7fef0b3846a55e78b3a10fffdc4c0db

  • SHA256

    6206ac68cac9a9604d95e1b51751e9d369f6777d78fdf54005edd0a4eac8feaf

  • SHA512

    e93d176734bb091c31bfbb0943fdfc8401cdcaa1281ef4ba2f6e47a176c38fe7d1c4215339b2c4642236548dc75fbbf28491e0a78097b9f87c9b272837a493d7

  • SSDEEP

    192:3ZH+V+cXezwP+OKrG1B141KLQpVgd6VHvk:Z+IcXeUPSrCB1sKLQpVgMHM

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\85bc2e8133ed78631bab10a4af9468bb.exe
    "C:\Users\Admin\AppData\Local\Temp\85bc2e8133ed78631bab10a4af9468bb.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Users\Admin\AppData\Roaming\winlogon.exe
      "C:\Users\Admin\AppData\Roaming\winlogon.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:3364
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\MDM45B4.tmp_melt.bat
      2⤵
        PID:4616
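The signatures above are behavioural rules matched against the event trace the sandbox records, and the process tree shows the chain they fired on: the sample writes a copy of itself to %APPDATA%\winlogon.exe (the dropped file carries exactly the same MD5/SHA1/SHA256 as the submitted binary), runs that copy, the copy registers a Run key, and the original process launches cmd.exe /c on a 266-byte "_melt.bat" it wrote to Temp. The block below is an added example, not the sandbox's rule set or anything from the report: it replays equivalent rules over a constructed Sysmon-style trace built from the paths, hashes and PIDs in the report. The event schema, the Run key path (HKCU\...\CurrentVersion\Run, which the report does not name) and the small allowlist of system binary names are assumptions.

```python
"""Replay the report's behavioural signatures over a constructed event trace.

Added example; not the sandbox's rules and not code from the report. The
event schema, RUN_KEY and SYSTEM_BINARIES are assumptions; the paths, hashes
and PIDs are copied from the report above.
"""
import ntpath
from collections import defaultdict
from typing import Dict, List

# Indicators copied from the report.
SAMPLE_SHA256 = "6206ac68cac9a9604d95e1b51751e9d369f6777d78fdf54005edd0a4eac8feaf"
MELT_SHA256 = "7e61c9f15c4a2a349e87d988927ca60b8a83d0c763d619923f14ee4ce9e6f326"
SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\85bc2e8133ed78631bab10a4af9468bb.exe"
DROPPED_EXE = r"C:\Users\Admin\AppData\Roaming\winlogon.exe"
MELT_BAT = r"C:\Users\Admin\AppData\Local\Temp\MDM45B4.tmp_melt.bat"

# Assumed autostart key: the report only says a Run key was added.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"

# Assumed allowlist of binaries that legitimately live only under %SystemRoot%.
SYSTEM_BINARIES = {"winlogon.exe", "csrss.exe", "lsass.exe", "services.exe", "svchost.exe"}

# Constructed Sysmon-style trace mirroring the process tree (not a real log).
TRACE = [
    {"ev": "process", "pid": 1688, "ppid": 1000, "image": SAMPLE_EXE,
     "sha256": SAMPLE_SHA256, "cmdline": f'"{SAMPLE_EXE}"'},
    {"ev": "file", "pid": 1688, "path": DROPPED_EXE, "sha256": SAMPLE_SHA256},
    {"ev": "process", "pid": 3364, "ppid": 1688, "image": DROPPED_EXE,
     "sha256": SAMPLE_SHA256, "cmdline": f'"{DROPPED_EXE}"'},
    {"ev": "registry", "pid": 3364, "key": RUN_KEY, "name": "winlogon", "data": DROPPED_EXE},
    {"ev": "file", "pid": 1688, "path": MELT_BAT, "sha256": MELT_SHA256},
    {"ev": "process", "pid": 4616, "ppid": 1688, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "sha256": None, "cmdline": rf"C:\Windows\system32\cmd.exe /c {MELT_BAT}"},
]


def run_signatures(trace: List[dict]) -> Dict[str, List[str]]:
    """Walk the trace in order and return signature name -> list of IoC strings."""
    hits: Dict[str, List[str]] = defaultdict(list)
    dropped: Dict[str, str] = {}  # lower-cased path -> sha256 of files written by traced processes
    # The first process in the trace is the submitted sample.
    sample_hash = next((e["sha256"] for e in trace if e["ev"] == "process"), None)

    for e in trace:
        if e["ev"] == "file":
            path = e["path"]
            dropped[path.lower()] = e["sha256"]
            name = ntpath.basename(path).lower()
            # Self-copy: same hash as the sample, named like a system binary, outside C:\Windows.
            if (e["sha256"] == sample_hash and name in SYSTEM_BINARIES
                    and not path.lower().startswith("c:\\windows\\")):
                hits["Self-copy using a Windows system binary name"].append(f"pid={e['pid']} {path}")

        elif e["ev"] == "registry":
            key = e["key"].lower()
            if key.endswith(("\\currentversion\\run", "\\currentversion\\runonce")):
                hits["Adds Run key to start application"].append(
                    f"pid={e['pid']} {e['key']}\\{e['name']} = {e['data']}")

        elif e["ev"] == "process":
            image, cmd = e["image"], e["cmdline"]
            low_image, low_cmd = image.lower(), cmd.lower()
            # Dropped EXE: the image path was written earlier in this trace.
            if low_image in dropped and low_image.endswith(".exe"):
                hits["Executes dropped EXE"].append(
                    f"pid={e['pid']} {image} sha256={dropped[low_image]}")
            # Dropped script run through cmd /c (the "melt" pattern in the tree above).
            if ntpath.basename(low_image) == "cmd.exe" and "/c" in low_cmd:
                for p in dropped:
                    if p.endswith((".bat", ".cmd")) and p in low_cmd:
                        hits["Executes dropped batch script via cmd /c"].append(f"pid={e['pid']} {cmd}")
            # Command line names System32 but the image resolved to SysWOW64:
            # file system redirection, so the parent is a 32-bit process.
            if low_image.startswith("c:\\windows\\syswow64\\") and low_cmd.startswith("c:\\windows\\system32\\"):
                hits["32-bit parent: WoW64 file system redirection observed"].append(f"pid={e['pid']} {image}")
    return dict(hits)


if __name__ == "__main__":
    for sig, iocs in run_signatures(TRACE).items():
        print(sig)
        for ioc in iocs:
            print("   ", ioc)
```

The "dropped" bookkeeping is what makes "Executes dropped EXE" a behavioural rule rather than a path match: the rule only fires because the same trace shows the file being written first. The SysWOW64 observation is a derived check, not one of the report's signatures, but it explains the cmd.exe path in the tree: the command line names System32 while the image is SysWOW64, which only happens when the caller is a 32-bit process, consistent with the arch:x86 tag. The report does not show the contents of the _melt.bat, so whether it deletes the original sample is not established here; the name and the cmd /c launch from the original process match that common pattern.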

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\MDM45B4.tmp_melt.bat

      Filesize

      266B

      MD5

      b7761e54cd09858a285a5278ee629dd1

      SHA1

      553c4c0f37c92a2b354cf657b3518f7b7542925b

      SHA256

      7e61c9f15c4a2a349e87d988927ca60b8a83d0c763d619923f14ee4ce9e6f326

      SHA512

      cedae2e43a866b7616028e8c7ccfa6730d0e300e2292a53fb04f979ab6b9f05237747953bd1d199976fb2852b0d11e610cee6c31f443a482132e38a33db08bc9

    • C:\Users\Admin\AppData\Roaming\winlogon.exe

      Filesize

      11KB

      MD5

      85bc2e8133ed78631bab10a4af9468bb

      SHA1

      1c409c5ec7fef0b3846a55e78b3a10fffdc4c0db

      SHA256

      6206ac68cac9a9604d95e1b51751e9d369f6777d78fdf54005edd0a4eac8feaf

      SHA512

      e93d176734bb091c31bfbb0943fdfc8401cdcaa1281ef4ba2f6e47a176c38fe7d1c4215339b2c4642236548dc75fbbf28491e0a78097b9f87c9b272837a493d7