Overview

overview

7

Static

static

3

ba9ac06896...51.exe

windows7-x64

7

ba9ac06896...51.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-03-2024 05:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ba9ac06896008c7e6274e64ad53d5c51.exe

  • Size

    407KB

  • MD5

    ba9ac06896008c7e6274e64ad53d5c51

  • SHA1

    7e472d54c128c55ec61494fb5d26aaeffcab278d

  • SHA256

    e5ee8a7f26cf6a76e153bc3920f6a7ed580d59bf369b30af800f91222f8f320e

  • SHA512

    1aea79dce3d3a083d671d8e10da9ecd4a841070d2ef0c248e661f8346491cf6fdb1be284980e217bfdfa1473b08525ae24683c5e9f85633dbe7fe3021f277d40

  • SSDEEP

    6144:gu2urzh9xu/XkauB1w/WnGWxghmvljL+J+p4a8Ea0QBK1doiCS0Sli:gutrzh9xOXkk/wfimvljOPK1d3hbli

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba9ac06896008c7e6274e64ad53d5c51.exe
    "C:\Users\Admin\AppData\Local\Temp\ba9ac06896008c7e6274e64ad53d5c51.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2516
    • C:\Users\Admin\AppData\Local\Temp\Mod Seguranca.exe
      "C:\Users\Admin\AppData\Local\Temp\Mod Seguranca.exe"
      2⤵
      • Executes dropped EXE
      PID:2284

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Mod Seguranca.exe
    Filesize

    2.1MB

    MD5

    e735e65f71d41659d2ddb9506c73e856

    SHA1

    3b70a8f4046c4b960ca92c86c903ed0f07841dee

    SHA256

    5b9423cbf181f0e78bdd34c5a3ad517d503eba44a782edafa98bc890d51155df

    SHA512

    890b6606349fe3aa6531149490d82ebcb0ce0bb314b22ae808549f6763cdc16cc7cabfa5fe7a061f12803423adcf04fd0fbd48267ee63a8a81735bbc081e0fb2

    Download Submit

  • memory/2284-9-0x0000000002270000-0x0000000002271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2284-10-0x0000000006080000-0x0000000006295000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2284-12-0x0000000002270000-0x0000000002271000-memory.dmp

    Filesize

    4KB

    Download