Analysis

  • max time kernel
    108s
  • max time network
    169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240226-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    09-04-2024 22:13

General

  • Target

    3b40a93ef10acf6a9c9f454ebf041f74.exe

  • Size

    85KB

  • MD5

    3b40a93ef10acf6a9c9f454ebf041f74

  • SHA1

    e5e626ff2a83dd38db0ba266938567ac5dda98f1

  • SHA256

    653b2dcdf3122e2bfa42e53393e4db571463a55313d983b4d3a75da404a150a5

  • SHA512

    b7533027a50725676a42b67410c6b728e55559297353a11489f4e07bf855b089d70c52fba27c10fbd24b064296aca197f03237328a5591d576ea60e44fe0b598

  • SSDEEP

    768:fT2NXnFk5dPsED3VK2+ZtyOjgO4r9vFAg2rqZGjU+X95u3goQUi:C1SYTjipvF2Xxru3go+

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b40a93ef10acf6a9c9f454ebf041f74.exe
    "C:\Users\Admin\AppData\Local\Temp\3b40a93ef10acf6a9c9f454ebf041f74.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4212
    • C:\Users\Admin\AppData\Local\Temp\fcbnaf.exe
      "C:\Users\Admin\AppData\Local\Temp\fcbnaf.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:3408
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4048 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4660
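The process tree above shows a chain rather than isolated hits: the submitted sample (PID 4212) reads the configured country code, writes fcbnaf.exe into its own Temp directory, launches it (PID 3408), and is then seen using WriteProcessMemory; the dropped binary repeats the location check. The following is an added example, not part of the sandbox report or its tooling. It replays a hand-constructed event stream shaped after that tree (a minimal Sysmon-like schema invented for this example) and raises findings that line up with the report's "Checks computer location settings", "Executes dropped EXE" and "Suspicious use of WriteProcessMemory" signatures. The report does not name the registry value it matched on; the HKCU\Control Panel\International\Geo\Nation path below is an assumption, as are the PPIDs of the two root processes.

```python
"""Toy behaviour-chain detector for the signatures shown in the report above.

Added example, not part of the sandbox report. The event stream below is
constructed by hand to mirror the reported process tree; field names are a
minimal Sysmon-like schema chosen for this example, not any product's format.
"""

# Registry value holding the configured country (GeoID). The report only says
# "looks up country code configured in the registry"; this path is an assumption.
GEO_NATION_KEY = r"HKCU\Control Panel\International\Geo\Nation"
USER_TEMP = "\\appdata\\local\\temp\\"

# Constructed events mirroring the report: the parent drops and runs fcbnaf.exe,
# both processes read the location value, the parent writes into the child.
# msedge.exe (PID 4660) is unrelated noise and must not be flagged.
EVENTS = [
    {"type": "ProcessCreate", "pid": 4212, "ppid": 1000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\3b40a93ef10acf6a9c9f454ebf041f74.exe"},
    {"type": "RegistryQuery", "pid": 4212, "key": GEO_NATION_KEY},
    {"type": "FileCreate", "pid": 4212,
     "target": r"C:\Users\Admin\AppData\Local\Temp\fcbnaf.exe"},
    {"type": "ProcessCreate", "pid": 3408, "ppid": 4212,
     "image": r"C:\Users\Admin\AppData\Local\Temp\fcbnaf.exe"},
    {"type": "ProcessAccess", "pid": 4212, "target_pid": 3408,
     "call": "WriteProcessMemory"},
    {"type": "RegistryQuery", "pid": 3408, "key": GEO_NATION_KEY},
    {"type": "ProcessCreate", "pid": 4660, "ppid": 900,
     "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"},
]


def in_user_temp(path):
    """True if the path sits under the user's AppData\\Local\\Temp (case-insensitive)."""
    return USER_TEMP in path.lower()


def analyse(events):
    """Replay an event stream in order and return (rule, pid, detail) findings.

    Rules mirror the report's signatures:
      checks_location_settings      - process reads the GeoID nation value
      executes_dropped_exe          - a process is an .exe its parent just wrote
      suspicious_writeprocessmemory - a Temp-resident process writes into
                                      another process
    """
    findings = []
    created_by = {}   # lowercase file path -> pid that wrote the file
    image_of = {}     # pid -> image path
    for ev in events:
        kind = ev["type"]
        if kind == "FileCreate":
            target = ev["target"]
            if target.lower().endswith(".exe") and in_user_temp(target):
                created_by[target.lower()] = ev["pid"]
        elif kind == "ProcessCreate":
            image_of[ev["pid"]] = ev["image"]
            dropper = created_by.get(ev["image"].lower())
            if dropper is not None and dropper == ev["ppid"]:
                findings.append(("executes_dropped_exe", ev["pid"], ev["image"]))
        elif kind == "RegistryQuery":
            if ev["key"].lower() == GEO_NATION_KEY.lower():
                findings.append(("checks_location_settings", ev["pid"], ev["key"]))
        elif kind == "ProcessAccess":
            src_image = image_of.get(ev["pid"], "")
            if (ev.get("call") == "WriteProcessMemory"
                    and ev["target_pid"] != ev["pid"]
                    and in_user_temp(src_image)):
                findings.append(("suspicious_writeprocessmemory", ev["pid"],
                                 f"target pid {ev['target_pid']}"))
    return findings


def flagged_pids(findings):
    """Set of PIDs with at least one finding, for a quick triage view."""
    return {pid for _, pid, _ in findings}


if __name__ == "__main__":
    for rule, pid, detail in analyse(EVENTS):
        print(f"{rule:30} pid={pid} {detail}")
```

The dropped-EXE rule deliberately requires that the parent of the new process is the process that wrote the file; a looser rule (any .exe executed from Temp) would also fire on installers and updaters, which is the usual source of noise for this signature.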

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\fcbnaf.exe

    Filesize

    85KB

    MD5

    190659800bfd18cfcc9d7320e06d2eeb

    SHA1

    aafa939c00b12dd36d972208876331e537546366

    SHA256

    457311ac2bff31b078c5d0a7443d082ae5de67999dfed73bebf0df0cb2227b90

    SHA512

    f564d486e2c176bf239a314fb9b6f48835f5a332b2433651dec8c040a8c78f12bee99eb2e6e911377a5b50395043eff002c973499ec5fbb90dbcf4d95f4c5500