Analysis

  • max time kernel
    151s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240226-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    28-02-2024 03:40

General

  • Target

    aae96fd94101f404d269e64689567630.exe

  • Size

    2.8MB

  • MD5

    aae96fd94101f404d269e64689567630

  • SHA1

    1b04dea939130d55927f43edf9126bf33cd7400d

  • SHA256

    bd23d91adef4ee625eca72a48a312d23ba446b5efd5ddf3525a3b791f2ac8701

  • SHA512

    32270a2f63afe83774ff3d67c9e69fa4680db4a8c9846015abf9f84e82380b7ba45ccfa51281c5f21bc1f2add19fd17ba532cbdbe2df5a5d12126b33858bfcc6

  • SSDEEP

    49152:zizqF2LZ1izVUSaHjiX8cR1uNjcm3NyO5dEZrjFRbkoatNm9UbQyJ4:zLF4sVUSC7c7wjh3NNqxj3+mqUyJ4

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL (1 IoC)
  • Drops file in System32 directory (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (8 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\aae96fd94101f404d269e64689567630.exe
    "C:\Users\Admin\AppData\Local\Temp\aae96fd94101f404d269e64689567630.exe"
    (process tree depth 1)
    • Checks computer location settings
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID: 2916
    • C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\ʹÓÃ˵Ã÷!±Ø¿´!.txt
      (process tree depth 2, child of PID 2916)
      PID: 2156

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\Local\Temp\ʹÓÃ˵Ã÷!±Ø¿´!.txt (GBK-encoded filename shown as mojibake on the en-US sandbox; it decodes to 使用说明!必看!.txt, "Usage instructions! Must read!")

      Filesize

      527B

      MD5

      f1017a0bd85152f3860f14c86b5a9423

      SHA1

      c5211bebd59dfa95ee6df6011b0db37edf6f9ef0

      SHA256

      fcb15564f091119d26620ab5fbbff2f97323c52eb5f4fe6e8b7b28615ab215c6

      SHA512

      2bae92d7f075c156cc82b72cab7c378cc3c648908d6c00f7715ea26a5341d21bd30c92e3ddd3589206579691aed6e7fbe8ce07b105f82bf263c3240856d5aa10

    • C:\Windows\SysWOW64\SkinH_EL.dll

      Filesize

      688KB

      MD5

      bd42ef63fc0f79fdaaeca95d62a96bbb

      SHA1

      97ca8ccb0e6f7ffeb05dc441b2427feb0b634033

      SHA256

      573cf4e4dfa8fe51fc8b80b79cd626cb861260d26b6e4f627841e11b4dce2f48

      SHA512

      431b5487003add16865538de428bf518046ee97ab6423d88f92cda4ff263f971c0cf3827049465b9288a219cc32698fd687939c7c648870dd7d8d6776735c93c

    • memory/2916-0-0x0000000000400000-0x0000000000D48000-memory.dmp

      Filesize

      9.3MB

    • memory/2916-1-0x0000000000EA0000-0x0000000000EA4000-memory.dmp

      Filesize

      16KB

    • memory/2916-40-0x0000000000400000-0x0000000000D48000-memory.dmp

      Filesize

      9.3MB