Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    12/03/2024, 22:10

General

  • Target

    7dacb37610e680323d654261f9881495e11f24a1e14c53519771c1183e71a08a.exe

  • Size

    144KB

  • MD5

    33b30e12564983fdba9ef8842ed64f98

  • SHA1

    f358223c7ee599bb8243e3382c300b649ad63da2

  • SHA256

    7dacb37610e680323d654261f9881495e11f24a1e14c53519771c1183e71a08a

  • SHA512

    6bfaa8c3d8280b979403cb8f15dcc8274564df9239fe213e3f0cc260a9372049bef0fe02ab0a74f92c7379a83f2de64ec2ccb6b6df0efd15df8c672870e0966c

  • SSDEEP

    1536:1i+N6u0utYGsoK2mEGIBp+WWN7YfEj77iZ76vVGU2AjK15t5uPpdrcIPWAWvnTX3:wYYutRQSc/7c6tJK7t5uPpdrxOhvnTn

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7dacb37610e680323d654261f9881495e11f24a1e14c53519771c1183e71a08a.exe
    "C:\Users\Admin\AppData\Local\Temp\7dacb37610e680323d654261f9881495e11f24a1e14c53519771c1183e71a08a.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1956
    • C:\Users\Admin\AppData\Local\Temp\huter.exe
      "C:\Users\Admin\AppData\Local\Temp\huter.exe"
      2⤵
      • Executes dropped EXE
      PID:2216
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sanfdr.bat" "
      2⤵
      PID:4980

Network

MITRE ATT&CK Enterprise v15

Downloads

          • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini

            Filesize

            512B

            MD5

            55d2fdd1432483e3ba86ebeccfe130b6

            SHA1

            7280b14d708800fd15303b2caa8628a0fbd7aa08

            SHA256

            5cfd1668ec0e5f3b5f8d04e54091d6f173bede6e6f9bb418819fd550095139fb

            SHA512

            36fd81128552356672b52936699c5e6362268c8131857e778e02a6862600c4feb20d13063d5f838e0887cb5083c648d39fe07faffba18c26387760752f9dd1f3

          • C:\Users\Admin\AppData\Local\Temp\huter.exe

            Filesize

            144KB

            MD5

            2479e9d8c4486167a4e5d34f40b7c4df

            SHA1

            51ff4128c7847b32dc9d8a1ba24d523f00df87e8

            SHA256

            572fa57976dee5dadd8ba1553203b4427337367aab81bc013746fe04c6cfd3e1

            SHA512

            1e4a958634a2f74d542b8447c87535c25efc3f19d674d03e56eb5e9f66de54d23e19502e7b4dfff53963eb39211342ef175b62529f7e3affd1f2fb05f799f6ca

          • C:\Users\Admin\AppData\Local\Temp\sanfdr.bat

            Filesize

            338B

            MD5

            a150ef14f69d25ab1d365ee1a8fb2c10

            SHA1

            3c6951b258dd00aba643ec43984a0490a3a5080f

            SHA256

            ef2f34d22ab011364512182c174cf89c20ca9165e47238dd8cef9d2ecbee09ef

            SHA512

            4cbedf17738765b1e2cc8953dabef974ccb47cad3c7212af1824451998ac51195fad2aafdb98b34913fd385fe505e7c387da8809d8afe3b6fb79ba465e5d70bd