Overview

overview

10

Static

static

3

ab4b96a4b0...4a.exe

windows7-x64

10

ab4b96a4b0...4a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/02/2024, 07:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ab4b96a4b0ee9d31f091d6219f0a384a.exe

  • Size

    220KB

  • MD5

    ab4b96a4b0ee9d31f091d6219f0a384a

  • SHA1

    2c1f1a745ce186c3a2bbaff4c06942c0e98895c6

  • SHA256

    46b35e7623fa43defbd0812f79ec8d4200632841b7d26d8650f350ee6e822236

  • SHA512

    62473f02b3e2983b89a3de866e95b25b5d4de15c7c37333d22df6f4f5cf2a28b8254c83b07065010fb320cf3096ad1a13e0a0b6ced6c23eb0fa30648cf47f503

  • SSDEEP

    3072:VfVLWlTTbEGe9AJKlCvIUZqoWJnt5bdLFx:RVqdT3GcQ4TajHx

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab4b96a4b0ee9d31f091d6219f0a384a.exe
    "C:\Users\Admin\AppData\Local\Temp\ab4b96a4b0ee9d31f091d6219f0a384a.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4204
    • C:\Program Files (x86)\6eaefc64\jusched.exe
      "C:\Program Files (x86)\6eaefc64\jusched.exe"
      2⤵
      • Executes dropped EXE
      PID:4604
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3976 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1636

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files (x86)\6eaefc64\6eaefc64
            Filesize

            17B

            MD5

            713de2425165c8df1702f4fa73675b7c

            SHA1

            8776000c93a63c318fd1dc5765010ced1568ffa7

            SHA256

            27969b723db5b2dd9c284c3351d884a535a92e6dadc44a425054fa76626a2343

            SHA512

            9b5327edc09bca4846029bda05502e34711ee843fbeccf3328253fcd2f1b399601eb613350c49e1d06098831d7b3dc8f5b2e1d1651b44e070ba70c8fedf6cf44

            Download Submit

          • C:\Program Files (x86)\6eaefc64\jusched.exe
            Filesize

            220KB

            MD5

            e8ed33674d640ddb3f3a2b6b8d3edf71

            SHA1

            0acf9ffe55e01df3f5d03c61096c400e2d29149f

            SHA256

            f82a30fc8bfed7ec39cde2a6829ea0f525af7cb6cb09f34fde0416574f7bc0b8

            SHA512

            99b0353dc7d2bf49ee68622617246ead029cb61e7f24324d847670efa912a0b149fe3143e8df9705b32cb1b77fa73d83dd2e5864be201ccdbe10df7830e60483

            Download Submit

          • memory/4204-0-0x0000000000400000-0x0000000000447000-memory.dmp

            Filesize

            284KB

            Download

          • memory/4204-15-0x0000000000400000-0x0000000000447000-memory.dmp

            Filesize

            284KB

            Download

          • memory/4604-14-0x0000000000400000-0x0000000000447000-memory.dmp

            Filesize

            284KB

            Download