Overview

overview

7

Static

static

3

a234c470b3...e6.exe

windows7-x64

7

a234c470b3...e6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-02-2024 15:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a234c470b33e60e90adcede0a28124e6.exe

  • Size

    196KB

  • MD5

    a234c470b33e60e90adcede0a28124e6

  • SHA1

    1147bc85efaf30ef8d61e525080aee70a1ecc6cd

  • SHA256

    3a9d5f0879793f2758b2d0399ff7164370c2c388f23eca724ba59342d37382eb

  • SHA512

    439c2f24e53abc152d890ff763de10741a11204c45b8cf95da4cf8b543273ee4065d7f15ea34327050bc98caac8f5509cc95340b726a12673814276132949ffd

  • SSDEEP

    1536:lXBYjfC24mFVsIgvo3X4iZpTha5VlA8mx7aoL8R:lX+0mFmIgvo4iZhha5rEaoL8R

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a234c470b33e60e90adcede0a28124e6.exe
    "C:\Users\Admin\AppData\Local\Temp\a234c470b33e60e90adcede0a28124e6.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4560
    • C:\Program Files (x86)\58403580\jusched.exe
      "C:\Program Files (x86)\58403580\jusched.exe"
      2⤵
      • Executes dropped EXE
      PID:1372

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\58403580\58403580
    Filesize

    17B

    MD5

    bff3d8f76e182194c4a2abf1aabba9f3

    SHA1

    07e5b604bb505a800b3e0ac16fee483b70595768

    SHA256

    6bc8a4f93eaa1b3e7cfa696855bf6a852cf6555d694bc03e337261a27e58246f

    SHA512

    0c5def3bb01ed166d4135190e131c27be4b6039987e269b6c3fca07677b3c637868397f207df631a098182a6bd3c795e6dd34541f82c5ecd6062441af0af7f50

    Download Submit

  • C:\Program Files (x86)\58403580\info_a
    Filesize

    12B

    MD5

    51cfc67c73fa2a86eed542492e8dd4a4

    SHA1

    6d71aa0d9b0c8c68ac958b34c59502ec723f97c6

    SHA256

    272d645a7c06bcd76eca300979cb20b0f5c74c1a9f66ac5280486fd172e59d09

    SHA512

    a6756ed9d767ad90971e07dd082c57533efbfb2bcf00460827f862e3957a8f84644978866cc58e6017efe552156c4bc8c171bfd482b139c93e9bb356a1e47549

    Download Submit

  • C:\Program Files (x86)\58403580\jusched.exe
    Filesize

    196KB

    MD5

    fdf91dc5a86e6049bbb6de04516f7e90

    SHA1

    00fa91553d9e37fd9f532d90e564029c98e7d4e6

    SHA256

    7ede20add1b8764cda21bf6538a89d9b35b431b477df18f93ea42c956610c250

    SHA512

    29c53372e73a46065c6c4a9ce303fbe919e3825610ef3a8d1692bc91b0273eec71637081961828823c3d40da8b5d7c2fd11eae14bee07e3ca61481ae8c880c13

    Download Submit