Overview

overview

10

Static

static

10

41e8139f94...d6.exe

windows7-x64

9

41e8139f94...d6.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    165s
  • max time network
    172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/03/2024, 21:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41e8139f94d496e49d81c0fe3e86358b22e8d15866b1315a4a80a35ae9793ad6.exe

  • Size

    190KB

  • MD5

    2904e1d18f4612385eb7f297ba159da9

  • SHA1

    7120688825835a98b51e9dfbe558f8287fa57062

  • SHA256

    41e8139f94d496e49d81c0fe3e86358b22e8d15866b1315a4a80a35ae9793ad6

  • SHA512

    b019ff6c9b64d4e33675907175138e69663b4b5c7d8ae922788d66b676f89688ffd3cc741b336acecc96951ac09b865e2e5ca9727005eabbfdf2e5ea4898a99a

  • SSDEEP

    1536:oxJXH2aHwM7saKGupZ1qG8DAR8bQykqQxuMZztsRo/bK4LsKL13lP47:oxQM7VupZ1BGvBQxufRq8

Score
9/10

Malware Config

Signatures

  • Detects executables built or packed with MPress PE compressor 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41e8139f94d496e49d81c0fe3e86358b22e8d15866b1315a4a80a35ae9793ad6.exe
    "C:\Users\Admin\AppData\Local\Temp\41e8139f94d496e49d81c0fe3e86358b22e8d15866b1315a4a80a35ae9793ad6.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4932
    • C:\Users\Admin\AppData\Local\Temp\lifikuri.exe
      "C:\Users\Admin\AppData\Local\Temp\lifikuri.exe"
      2⤵
      • Executes dropped EXE
      PID:3328

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lifikuri.exe
    Filesize

    190KB

    MD5

    f24116ce4542f164232e4ded3e5a24d0

    SHA1

    424474136caaea2be145715f8f40b7c3b97a76c7

    SHA256

    aca1573c7cbd82f8f31730669728f147a13e4190f91ff90ef0f6be5f3e2d9a04

    SHA512

    eec28f39cd2a04427eed8ad5868c6162bd3a2a79bd2402191533b1b6f60233a766c0ff72778a6a2d1f3ed1a6b6ec872b7af4e106265c0f2feaddb29755a90f32

    Download Submit

  • memory/3328-14-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/4932-0-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/4932-1-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download