Overview

overview

7

Static

static

3

aa86e3b979...4b.exe

windows7-x64

7

aa86e3b979...4b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-02-2024 00:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aa86e3b979005aef3d6ba087a699514b.exe

  • Size

    540KB

  • MD5

    aa86e3b979005aef3d6ba087a699514b

  • SHA1

    7b1915ef0d0b3caaaa0040f7b80541414caa0cc5

  • SHA256

    5a7fea2951fc0d8182ad23d8f424e6f286ea77979a4e904321f165921d85d385

  • SHA512

    f122728ddce70c6b0eb87c50ac55b9682994a45221614ff5f5f7fde551777dbf7102975d9645b5717bd5b7068e84fd46156a1b836232759a016799d45424af7e

  • SSDEEP

    12288:bYoDL647vcNF5BBYCIcF9k0uJ+xVtPL4CscggpCgd:bZ3mk8kQxTP0CdgJG

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aa86e3b979005aef3d6ba087a699514b.exe
    "C:\Users\Admin\AppData\Local\Temp\aa86e3b979005aef3d6ba087a699514b.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2752
    • C:\Users\Admin\AppData\Local\Temp\Webcard-Terra_imagem-001.exe
      "C:\Users\Admin\AppData\Local\Temp\Webcard-Terra_imagem-001.exe"
      2⤵
      • Executes dropped EXE
      PID:4064
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\FirewallControlPanel.dll,ShowWarningDialog "C:\Users\Admin\AppData\Local\Temp\aa86e3b979005aef3d6ba087a699514b.exe"
    1⤵
    • Modifies registry class
    PID:3616

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Webcard-Terra_imagem-001.exe
    Filesize

    383KB

    MD5

    7132a4993e8c8ccdefe7957054a74c18

    SHA1

    5bea59ab825a54b68806e2b7bf8a7a61c8ea1974

    SHA256

    40fb5f45399875e85d253d6136aa1d39c349e98585b4a6896ecdbc775169d5f2

    SHA512

    1421448f67b6570feed383298498e3f6dde65a6096a93b8f239a02ac43e01b35424b4fc572db879e242f495316fbc307dea37849568b5c9f8666e6bf0242afd6

    Download Submit

  • memory/2752-4-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2752-8-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2752-1-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2752-0-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB

    Download

  • memory/2752-9-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2752-6-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2752-3-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2752-7-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2752-5-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2752-10-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB

    Download

  • memory/2752-14-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2752-2-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2752-26-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2752-27-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB

    Download

  • memory/4064-28-0x0000000000520000-0x0000000000521000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4064-29-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download