Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240319-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-03-2024 15:24

General

  • Target

    e1fdbfe2d5b8d35255d29d996a89f3dc.exe

  • Size

    208KB

  • MD5

    e1fdbfe2d5b8d35255d29d996a89f3dc

  • SHA1

    a5fad1e1b5a4bc24c7183361392b03c1c016baaa

  • SHA256

    6847bfce1091e64866e9f76271f2758ca8f4cbeb27ab183033e87f9f6e75fd74

  • SHA512

    f55e7818bb971cd10fa87c93580d2829e7892b7ffbff024d7abd62d6d42eb77c37a1427f5a8cdd49153a750c79b0edf539b28371c3535688366d5ca57d623701

  • SSDEEP

    3072:7ChJgYMm4xf9cU9KQ2BxA59SPMqOogn2:XYMm4xiWKQ2BiCM

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e1fdbfe2d5b8d35255d29d996a89f3dc.exe
    "C:\Users\Admin\AppData\Local\Temp\e1fdbfe2d5b8d35255d29d996a89f3dc.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4776
    • C:\Program Files (x86)\3dcaf45e\jusched.exe
      "C:\Program Files (x86)\3dcaf45e\jusched.exe"
      2⤵
      • Executes dropped EXE
      PID:2172
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1032 --field-trial-handle=2264,i,7994609493164365963,13212734413040148104,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:4424

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Program Files (x86)\3dcaf45e\3dcaf45e

      Filesize

      17B

      MD5

      89931a70501a3362b6823b53523f5a77

      SHA1

      88c7e199c462ed8cc3af0ba453512b5b1fdcfdb5

      SHA256

      d30d9a0e64bc9f4a306617f087f30de6d57a5413793ab7bde13a299777a1b254

      SHA512

      8fa7ab4824ae86f3f47b3718c11f79ef275dd0639396572eaeb1262ad9153ccf43c633a7b292e30c97370436a09f22fbcf817a802015650ffb1f84d2b83483bd

    • C:\Program Files (x86)\3dcaf45e\jusched.exe

      Filesize

      208KB

      MD5

      37018edef6dee64df6e1e06fad7686a7

      SHA1

      8efab9f5f5e9c9a375872061add0b1484af9a4c2

      SHA256

      3109ce49eef57f42cc4acaa7e3c36bd2db9f7a9d398fb054fa17e87e5ef29939

      SHA512

      c4c34ef283c6483ade259afdf5af588dba969f5e900110b2983b1458528e07268914e796f4067121067a624a5ebb74977853b0df6594051215c73fd99c544f90

    • memory/2172-13-0x0000000000400000-0x0000000000454000-memory.dmp

      Filesize

      336KB

    • memory/2172-16-0x0000000000400000-0x0000000000454000-memory.dmp

      Filesize

      336KB

    • memory/4776-0-0x0000000000400000-0x0000000000454000-memory.dmp

      Filesize

      336KB

    • memory/4776-14-0x0000000000400000-0x0000000000454000-memory.dmp

      Filesize

      336KB