Overview

overview

7

Static

static

3

a96098e70d...2b.exe

windows7-x64

7

a96098e70d...2b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-03-2024 02:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a96098e70dbc481d2fe4a9c01078f42b.exe

  • Size

    61KB

  • MD5

    a96098e70dbc481d2fe4a9c01078f42b

  • SHA1

    8531825926b2683a601faf7ef2144c3483a5e914

  • SHA256

    842828aab1ddc556445780d829672ab1510e2fdbb319d12dae039ef860747588

  • SHA512

    8b4b282b0d50a53b29f653bcacc6653edc44f253ffa0482273929c4b4fd685029e8e86cf2870d93a0ed4ee27dcc13638c28747e97780aee14661586666dfcf02

  • SSDEEP

    1536:btB9g/xtCSKfxLIc//Xr+/AO/kIZ3ft2nVuTKB6nggOlHdUHay:btng54SMLr+/AO/kIhfoKMHdo

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a96098e70dbc481d2fe4a9c01078f42b.exe
    "C:\Users\Admin\AppData\Local\Temp\a96098e70dbc481d2fe4a9c01078f42b.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1868
    • C:\Users\Admin\AppData\Local\Temp\gewos.exe
      "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:1932

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\gewos.exe
    Filesize

    61KB

    MD5

    2403bf5b9efef9a064ed3e57116ccb53

    SHA1

    39fe2c7d87fd6424f0331522f47b94b1904037ca

    SHA256

    90b34e19aef4e7bbb097e1de46e18ea4b3e02c49a64554259a44bcb381b729b5

    SHA512

    69614584508feb462f8fd9f44b78b547dccd4e0af7ac7c0d1fc569b30badfa868e8d6f3ede57192b73f7ce418833f93981d1906f0ee7154ced1bb310d0bcbaab

    Download Submit

  • memory/1868-0-0x0000000002350000-0x0000000002356000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1868-1-0x0000000002350000-0x0000000002356000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1868-2-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1932-20-0x00000000020D0000-0x00000000020D6000-memory.dmp

    Filesize

    24KB

    Download