Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/04/2024, 07:23

General

  • Target

    2699d5711c30178c92be712a69600ffb8adc6982b03b1d9cebb8e745ae4fbebf.exe

  • Size

    208KB

  • MD5

    0f6e7efe4630bf314fd5d895f55bcd08

  • SHA1

    764aa932c863988647b19e13917b288536bc144b

  • SHA256

    2699d5711c30178c92be712a69600ffb8adc6982b03b1d9cebb8e745ae4fbebf

  • SHA512

    1360102c8b590029080cbefa6193c104557904398879ba6f60cf18e1696cd4e5d9325ca0aa204e7b89b4b23e4bd3d13a08a31d8e64f7d8fc7b1abf55bac1e2cf

  • SSDEEP

    3072:MfK8TVSj1FQ021LSaDoKi6NgdgG6cCnebXQmL7A25A41:A5SZFQ71LSooKi6NwgG6cTLADy

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2699d5711c30178c92be712a69600ffb8adc6982b03b1d9cebb8e745ae4fbebf.exe
    "C:\Users\Admin\AppData\Local\Temp\2699d5711c30178c92be712a69600ffb8adc6982b03b1d9cebb8e745ae4fbebf.exe"
    1⤵
    • Checks computer location settings
    • Drops startup file
    • Suspicious use of WriteProcessMemory
    PID:1176
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c xcopy "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mozwnd1.lnk" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp" /Y
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3704
      • C:\Windows\SysWOW64\xcopy.exe
        xcopy "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mozwnd1.lnk" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp" /Y
        3⤵
        • Enumerates system info in registry
        PID:5076
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3528 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:1912

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mozwnd1.lnk

    Filesize

    2KB

    MD5

    6e0c317759f32a8bc79c79418fb501f6

    SHA1

    46f509687166f2888b7c03cdb6971de248386a07

    SHA256

    90e1b8c0d317db2fdc8df3b516c9e1ed969e11ef7d25d4ff357634a879714258

    SHA512

    e13c7d479f637c3317388680b6b74f1536004fffc8d23314280a53c3333f94e155eaf3483b7cbe2a472288cd2de3ee60803170c63ad396420aa0299d0b2065a7