Overview

overview

7

Static

static

3

00957f09b8...e8.exe

windows7-x64

7

00957f09b8...e8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    90s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/04/2024, 18:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    00957f09b84f6fe5515fb16571671e594d920fa23fcb277f48c968566f80d4e8.exe

  • Size

    65KB

  • MD5

    05fb20bd1634906c40aa68847700faf2

  • SHA1

    dc7203965e95128a551e8c26b063f8ef4fe0e321

  • SHA256

    00957f09b84f6fe5515fb16571671e594d920fa23fcb277f48c968566f80d4e8

  • SHA512

    6691e86f4e08eecc883446f36b5248e20c03beab1b049d081e2e239ffe4e59e8c1811ba0e3d13b4f5fc770c9d7715db9e2c124f6ca745dc67158a996e53ae8ef

  • SSDEEP

    768:7I4DD+LzjPsED3VK2+ZtyOjgO4r9vFAg2rqnpd2GRqDKT:71DD+LzjYTjipvF2zu

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\00957f09b84f6fe5515fb16571671e594d920fa23fcb277f48c968566f80d4e8.exe
    "C:\Users\Admin\AppData\Local\Temp\00957f09b84f6fe5515fb16571671e594d920fa23fcb277f48c968566f80d4e8.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3148
    • C:\Users\Admin\AppData\Local\Temp\fahik.exe
      "C:\Users\Admin\AppData\Local\Temp\fahik.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:2920

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\fahik.exe
    Filesize

    66KB

    MD5

    17dc92815eca24501707aadeb926f58a

    SHA1

    06654b9857942206c7053096a4d3fd868a6c4076

    SHA256

    9b4ae93af410c073a111c3c1ac78fe0c4e58966868b4237b83440ea6147931f2

    SHA512

    6aee552fa3412458fe1f4f6ad0342d5c4611e464d4b76d6067698c8f047310c44a25a04058d5ca061cb30b221102502b30fe3afc2763617027cfb48e54bb4565

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\temp23.exe
    Filesize

    80KB

    MD5

    3e788b1604fbf25cd28ccea329595927

    SHA1

    b18c98da558cc926a196041da1338b3d87065d17

    SHA256

    dfb1ecaf48b1968cbbda72a7b77ef08955be8ff1f72bd276c2fc6bbf6bcde48a

    SHA512

    0e889a5e39616ea9e059e269959c35b5aebd44dd771d34a6da76480d6e952002eab16eae258e376f82bd601df5060b76df0965467fdcadcf5c455a4370b8258a

    Download Submit

  • memory/2920-9-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3148-0-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download