Overview

overview

7

Static

static

3

ebdc59bfd9...75.exe

windows7-x64

7

ebdc59bfd9...75.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-03-2024 04:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ebdc59bfd9a84341e99f27e0bf35be75.exe

  • Size

    35KB

  • MD5

    ebdc59bfd9a84341e99f27e0bf35be75

  • SHA1

    711cc3ae6087686fe566af4def774acb26f026c7

  • SHA256

    38573945bfa86d6d86580ee0347cdf4960bdb7641f932504ecd070ac668ab2c6

  • SHA512

    c988241c971eaec9fc7a03025e1791b09eff54752b849fe5bac2ff08288f6be7004e99bc5e40755115d5bea44e37013064cf42a6eb9aa13a3d94e6dc0427d12a

  • SSDEEP

    768:wHGGaSawqnwjRQ6ESlmFOsPoOdQtOOtEvwDpjm6WaJIOc+UPPEkO:YGzl5wjRQBBOsP1QMOtEvwDpjgarrkO

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ebdc59bfd9a84341e99f27e0bf35be75.exe
    "C:\Users\Admin\AppData\Local\Temp\ebdc59bfd9a84341e99f27e0bf35be75.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    36KB

    MD5

    4e7613dfd2044b8f0dc362e9cb24c61b

    SHA1

    61a1babbb0c150aae80f27dbd8ab6ded0b46782c

    SHA256

    8fb3dc4dd7b4987a8b1c3588adce8705aab6792063a3c6cf663099366a0643b3

    SHA512

    fe3b7cad6da3115b2c9d1e22afef60e792cc2bcf3cb768670eb40898337acb1fbc3a2e588df7d352a91f3514059a2b76b97f96f460f597437a57bbd5fd65a3b0

    Download Submit

  • memory/1688-0-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1688-1-0x00000000005A0000-0x00000000005A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1688-2-0x00000000005A0000-0x00000000005A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1688-3-0x00000000006C0000-0x00000000006C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1688-18-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2740-17-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2740-20-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2740-21-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download