Analysis

  • max time kernel
    146s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240319-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/04/2024, 19:08

General

  • Target

    0e7f2e60f9100404b9fffc84458d2e0d.exe

  • Size

    34KB

  • MD5

    0e7f2e60f9100404b9fffc84458d2e0d

  • SHA1

    7a688091017b739616d6e88cdd00b8f80776d5b4

  • SHA256

    c20b0093992286e66372299437123a008ff8a2b6d9f1bd297e810dbe350e1d0c

  • SHA512

    2c2c3630f3ad135b063e251095fb5ae0c9d2f615b4b64d2b8781e1b01270894c254230a03551bbf5074739483a48b13658dbe0d10c759f81eecfaaa1816b9a2c

  • SSDEEP

    768:tYOU95Hpq/r5AKCQtPZu2RKIh4XVewCZ5fxlmTAmIvg2jnA5DwT:qX3q/zT77mqT

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e7f2e60f9100404b9fffc84458d2e0d.exe
    "C:\Users\Admin\AppData\Local\Temp\0e7f2e60f9100404b9fffc84458d2e0d.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3676
    • C:\Users\Admin\AppData\Local\Temp\storti.exe
      "C:\Users\Admin\AppData\Local\Temp\storti.exe"
      2⤵
      • Executes dropped EXE
      PID:5068
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3992 --field-trial-handle=2228,i,17475224967547320003,13667387715861799238,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3428

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\storti.exe

    Filesize

    34KB

    MD5

    5314c2fc2d789e20d695cd3a3609817e

    SHA1

    fc2ba45700015d863462c6564abe5ed7c52059d8

    SHA256

    6d11735353f77d86b1bddf702374ca8224e344eb3969c7e81c4353e0a8b7d3a9

    SHA512

    d0e1efbccf1cdaeb2fb19c37368f2b809ed595b9b9a4b376fd29ad28d364ac966270d3a64a072a9901aebc98a6c1ea9a2d4fe4258f7f268d603be05fffd66c5d

  • memory/3676-0-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

  • memory/3676-1-0x0000000004000000-0x0000000004006000-memory.dmp

    Filesize

    24KB

  • memory/3676-2-0x0000000004000000-0x0000000004006000-memory.dmp

    Filesize

    24KB

  • memory/3676-11-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

  • memory/5068-20-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB