Overview

overview

7

Static

static

3

d60f4c44dd...0a.exe

windows7-x64

7

d60f4c44dd...0a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/03/2024, 12:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d60f4c44dda572a14913f6f8b773940a.exe

  • Size

    89KB

  • MD5

    d60f4c44dda572a14913f6f8b773940a

  • SHA1

    3ffce3cc05bd2efdb6890956e7f25d7f056eeab0

  • SHA256

    f5b3c2d260cb012e89c1c76518c3b8e2272e09958b3dfb111b16881901cc0df9

  • SHA512

    864afcdbb2f5d254048189846241a5ffb2a5b5536968510e350a4221c32d1d4c4aa5c8f35d935784d933988d25340f9cd3785195304994181dcf536b8d67e15e

  • SSDEEP

    1536:6lJGp9e6lBy1zeA6uCQ1m1vosCeSpMuJ/Qvlc7KLCIV1FI+L:6lJGp9e6lByooCQ1m5QRJelsKL3FIq

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d60f4c44dda572a14913f6f8b773940a.exe
    "C:\Users\Admin\AppData\Local\Temp\d60f4c44dda572a14913f6f8b773940a.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3460
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Ulp..bat" > nul 2> nul
      2⤵
        PID:4192

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Ulp..bat
      Filesize

      210B

      MD5

      1b6a896383faf59926b4c86565cc4918

      SHA1

      71ad6fcdf31e7a0d2ce9cd19902e4a95cbba9bdd

      SHA256

      07c491d3fe12c953a039bb007f54968a00d33a5a7f7a1931528007b19a476344

      SHA512

      fb2fe69b601e191a33a4dd7f8d7077ac55684cd7bae4abe7be462a16c7dd3a5a26371172ca2756e43138454cf67f4bfd66848f24dc44b3d691f6aa727bf8b7f8

      Download Submit

    • memory/3460-0-0x0000000000400000-0x000000000041B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/3460-1-0x0000000002190000-0x0000000002191000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3460-2-0x0000000000400000-0x000000000041B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/3460-3-0x0000000002200000-0x0000000002201000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3460-5-0x0000000000400000-0x000000000041B000-memory.dmp

      Filesize

      108KB

      Download