Overview

overview

7

Static

static

3

d62d82ecca...9c.exe

windows7-x64

7

d62d82ecca...9c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    154s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-03-2024 13:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d62d82eccae9cae541c55262b4fe3a9c.exe

  • Size

    251KB

  • MD5

    d62d82eccae9cae541c55262b4fe3a9c

  • SHA1

    9d4e8e4ea2bab28949149634c1c072b8e4686d7e

  • SHA256

    37c75e9276f33dd445d4cf3b8c4a8450e014f84c317c58a1fc93835280b195e4

  • SHA512

    efd27d504f00c889a141ae514d4544c9d20760faa9fa6010c3e8dd729dead716d80459ba36aa95a68e11d316869ef346a6feb22b8b5ce137dd6a0dbecd0f64f3

  • SSDEEP

    6144:HRJ7FvZHQ4X/thAv0i6gd+oMNRWESkW/RxgzMk3rn:HH04vEv0gUocRfSRpx6z

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 1 IoCs
  • Executes dropped EXE 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs net.exe
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d62d82eccae9cae541c55262b4fe3a9c.exe
    "C:\Users\Admin\AppData\Local\Temp\d62d82eccae9cae541c55262b4fe3a9c.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4452
    • C:\Users\Admin\AppData\Local\Temp\d62d82eccae9cae541c55262b4fe3a9c.exe
      C:\Users\Admin\AppData\Local\Temp\d62d82eccae9cae541c55262b4fe3a9c.exe
      2⤵
      • Checks computer location settings
      • Drops file in Windows directory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1936
      • C:\Windows\lsass.exe
        "C:\Windows\lsass.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:1712
        • C:\Windows\lsass.exe
          C:\Windows\lsass.exe
          4⤵
          • Checks computer location settings
          • Drops startup file
          • Executes dropped EXE
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2084
          • C:\Windows\SysWOW64\net.exe
            "C:\Windows\System32\net.exe" stop sharedaccess
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:3896
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop sharedaccess
              6⤵
                PID:4272
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4156 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:5104

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\lsass.exe
        Filesize

        251KB

        MD5

        d62d82eccae9cae541c55262b4fe3a9c

        SHA1

        9d4e8e4ea2bab28949149634c1c072b8e4686d7e

        SHA256

        37c75e9276f33dd445d4cf3b8c4a8450e014f84c317c58a1fc93835280b195e4

        SHA512

        efd27d504f00c889a141ae514d4544c9d20760faa9fa6010c3e8dd729dead716d80459ba36aa95a68e11d316869ef346a6feb22b8b5ce137dd6a0dbecd0f64f3

        Download Submit

      • memory/1712-18-0x0000000010000000-0x0000000010048000-memory.dmp

        Filesize

        288KB

        Download

      • memory/1936-0-0x0000000000400000-0x0000000000498000-memory.dmp

        Filesize

        608KB

        Download

      • memory/1936-2-0x0000000000400000-0x0000000000498000-memory.dmp

        Filesize

        608KB

        Download

      • memory/1936-3-0x0000000000400000-0x0000000000498000-memory.dmp

        Filesize

        608KB

        Download

      • memory/1936-5-0x0000000000400000-0x0000000000498000-memory.dmp

        Filesize

        608KB

        Download

      • memory/1936-6-0x00000000006D0000-0x00000000006D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1936-20-0x0000000000400000-0x0000000000498000-memory.dmp

        Filesize

        608KB

        Download

      • memory/2084-22-0x0000000002750000-0x0000000002751000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2084-25-0x0000000000400000-0x0000000000498000-memory.dmp

        Filesize

        608KB

        Download

      • memory/2084-26-0x0000000002750000-0x0000000002751000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4452-1-0x0000000010000000-0x0000000010048000-memory.dmp

        Filesize

        288KB

        Download