Overview

overview

8

Static

static

3

a3a1eb9266...eb.exe

windows7-x64

8

a3a1eb9266...eb.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-02-2024 11:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a3a1eb9266fe726d012f151f8f215beb.exe

  • Size

    2.5MB

  • MD5

    a3a1eb9266fe726d012f151f8f215beb

  • SHA1

    d21b86ffb7ccd3badb9430aff77708e81899f180

  • SHA256

    ef1cadcbc61bbce6e0a7b839e0e4935307f4b7a67088ae300720b3a27b2b95c4

  • SHA512

    691b57f1609857adc124dd7ec2d7158249274607d806522b0091282c4eef71d65b964abe27176b101e68c41734671f63ea70dcdacc3187b115c27bff107feee6

  • SSDEEP

    49152:BTTULEnhXcKk9vENby4xXjySlDkqcoi3kHCicjhUMsxTWN0Imie:uLEnhXc9ibygXj9Yhj3kiiybsxTm0ImX

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a3a1eb9266fe726d012f151f8f215beb.exe
    "C:\Users\Admin\AppData\Local\Temp\a3a1eb9266fe726d012f151f8f215beb.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2164
    • C:\Users\Admin\AppData\Local\Temp\AIR566D.tmp\Install Lucky Coupon.exe
      "C:\Users\Admin\AppData\Local\Temp\AIR566D.tmp\Install Lucky Coupon.exe"
      2⤵
      • Executes dropped EXE
      PID:4668

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\AIR566D.tmp\.launch
    Filesize

    24B

    MD5

    a8de8f53f70337245e61bf0ff5faa216

    SHA1

    805258de64a9a659ba522b4ff62cd389cb6ca5e3

    SHA256

    51c74b38779c03f1f5c429159553263bfdaeb65b93730ec15c0556507ce9bec8

    SHA512

    5e3d197177aa3be39972a56f15d2111ddcbc1735ecf0e9e321a36be99d1c58691438d1a9ff7bf6fe3855ea07acc76271b26482e54204069762b6fd486c902dd7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AIR566D.tmp\Install Lucky Coupon.exe
    Filesize

    130KB

    MD5

    a7ffdf55079873b0f041da8a56e83f29

    SHA1

    05f2ac17287372c0d953794df2e5b62f1ed8e717

    SHA256

    7e22c807669c4eedc83d2a273fc15d947d376e029c79973b8cba2b6ca49dde75

    SHA512

    2cb01b55799a603f35c694e328b0e653b8dbe1d7cfa4f52e6668093123f978b95accbaa446baeb104ed9a8b0418882119b199474faf1815faa64d7e7a269b372

    Download Submit