Overview

overview

7

Static

static

3

b68ca2ee86...1c.exe

windows7-x64

7

b68ca2ee86...1c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/03/2024, 01:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b68ca2ee86c2eaf0b48a7800fdae526cfe35d78d661ba59f54a1f0a551e6ab1c.exe

  • Size

    59KB

  • MD5

    59fdece045858c2f23cb592588d4b0a9

  • SHA1

    95f1521e791c23d3c77dfd2433bfb98cefe08639

  • SHA256

    b68ca2ee86c2eaf0b48a7800fdae526cfe35d78d661ba59f54a1f0a551e6ab1c

  • SHA512

    2af62e19e289a11ae3547c9baecf9543c08e28ee4d6afd7d86296dc978900f16d8903e65acf683ba4dc9240a31ce4888fbfe0fc9ccd9cb06b43f59ee6d15a713

  • SSDEEP

    768:G9X2bnEpieDA62eIHwhzMnUJ30XbLt3EDEAndeVFi7IstDdj4NBnY:kXaEoMA62ZYYUN0rxKOFi7MnY

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b68ca2ee86c2eaf0b48a7800fdae526cfe35d78d661ba59f54a1f0a551e6ab1c.exe
    "C:\Users\Admin\AppData\Local\Temp\b68ca2ee86c2eaf0b48a7800fdae526cfe35d78d661ba59f54a1f0a551e6ab1c.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1184
    • C:\Users\Admin\AppData\Local\Temp\mtvhits.exe
      "C:\Users\Admin\AppData\Local\Temp\mtvhits.exe"
      2⤵
      • Executes dropped EXE
      PID:64

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\mtvhits.exe
    Filesize

    59KB

    MD5

    20f0f20c43fdc2503df74dc18ec916c7

    SHA1

    3df3d4ea46a49efb3c2beffee4cd11891f0753bd

    SHA256

    3236c14b36f251fc711983453e070b23ff6865d3b84c00122a6af08e5915bc3b

    SHA512

    d1d0bc73498fc217d7a9dbefe2e8cd3a14dcc7c02bc54711de3cb44090dd4784c1088b9d39ac0876efb49ec573e0516718dffff98f3a7eb6a7a62a3a4e215a03

    Download Submit

  • memory/64-12-0x0000000004000000-0x0000000004005000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1184-0-0x0000000004000000-0x0000000004005000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1184-1-0x0000000004000000-0x0000000004005000-memory.dmp

    Filesize

    20KB

    Download