Overview

overview

7

Static

static

3

9a33c23302...b1.exe

windows7-x64

3

9a33c23302...b1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/02/2024, 23:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9a33c23302e46a64349b447851a554b1.exe

  • Size

    121KB

  • MD5

    9a33c23302e46a64349b447851a554b1

  • SHA1

    2465640efa1bfc823ece142509d3dd2849be1cdf

  • SHA256

    9af9210eef9fbc108e7a625ea4b6cfc57313d4a9fbe3c32b82712870d5218c01

  • SHA512

    f54ba9a221e24b241f57facc609eb290e02f2e5d9ea67fdc9223611ed984e6981632535660a96f6f3badcd710eb2bb19cade4a85387f318e56093c39632af137

  • SSDEEP

    3072:azNWMKKRZYchObK91C8sV6Xmoo4L2SSTJK5i3:aZuuObR8sVImc2SSTJp3

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9a33c23302e46a64349b447851a554b1.exe
    "C:\Users\Admin\AppData\Local\Temp\9a33c23302e46a64349b447851a554b1.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3624
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\jagi.jpg.vbs"
      2⤵
        PID:576

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\jagi.jpg.vbs
      Filesize

      4KB

      MD5

      8285f979380bc9f61f9613d9b04fb938

      SHA1

      f3ac8de375dfb2403b64bd161c6485365ff31b69

      SHA256

      daba03a6b029e8482d3dc4d9bbe7f65b920c89449625080694e6965ad34ff4a5

      SHA512

      42455307ce282a1323c7c7eb2454acf1b8b176a8d6ab63905431b6315f80b7209570896b488d57a46f4a8854270faafb2c1c7ced2d35e9de0e90d423726b165a

      Download Submit

    • memory/3624-0-0x0000000000400000-0x0000000000437000-memory.dmp

      Filesize

      220KB

      Download

    • memory/3624-6-0x0000000000400000-0x0000000000437000-memory.dmp

      Filesize

      220KB

      Download