Analysis

  • max time kernel
    140s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/02/2024, 19:31

General

  • Target

    99f2b1b846669ed84053762dd6be1136.exe

  • Size

    30KB

  • MD5

    99f2b1b846669ed84053762dd6be1136

  • SHA1

    63ffbac77947fdd0b6ccf7b2e395d4c801d69b65

  • SHA256

    313421637871ff09af2e86a977192434348d19e31c61acaa60d1c18a0870f0c6

  • SHA512

    19dbc53663ad48091be93e200d61661dfb8c630f9c5a6ffec33d56b3c2669db584b625be19443f707763bd0acda1728f3b145aaab87272a939f112bb143de64a

  • SSDEEP

    384:5ggUkUTjZ/jJGcMJxDTHfRmiJGcMJxDTHfRmiJGcMJxDTHfRmw:igUkUTFlMTDT/RmMMTDT/RmMMTDT/Rmw

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\99f2b1b846669ed84053762dd6be1136.exe
    "C:\Users\Admin\AppData\Local\Temp\99f2b1b846669ed84053762dd6be1136.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5040
    • C:\Users\Admin\AppData\Local\Temp\Arch1.exe
      "C:\Users\Admin\AppData\Local\Temp\Arch1.exe"
      2⤵
      • Executes dropped EXE
      PID:1528
    • C:\Users\Admin\AppData\Local\Temp\Arch2.exe
      "C:\Users\Admin\AppData\Local\Temp\Arch2.exe"
      2⤵
      • Executes dropped EXE
      PID:1372
    • C:\Users\Admin\AppData\Local\Temp\Arch3.exe
      "C:\Users\Admin\AppData\Local\Temp\Arch3.exe"
      2⤵
      • Executes dropped EXE
      PID:4288

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Arch1.exe

    Filesize

    6KB

    MD5

    070045656fd1b41a6c802ce4f1fe32c6

    SHA1

    63f5c479b73cffed1961784a55c98113fe0620ce

    SHA256

    4f3873895a3bfc60f75e0bc1994517affa4311f2a90aefeb66cb0e7e8e7f5d56

    SHA512

    cfdb32fb3963f21a4fe0c9805d2c35921678cbd13885b975824b994a2fcd2cb5db65e4571fd0d8a9734266333684de7f5fde7eb6f198ffb05e7c545557f44aa3

  • memory/1528-26-0x0000000000400000-0x0000000000401800-memory.dmp

    Filesize

    6KB