Overview

overview

10

Static

static

10

2eb5468580...29.exe

windows7-x64

9

2eb5468580...29.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    93s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-04-2024 19:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2eb5468580acea73cf5fa720482889c9ee87488f1ca6032924a30ab403aeca29.exe

  • Size

    19KB

  • MD5

    33cd269f8a89b78dd118377681ba331f

  • SHA1

    3d9f19e34ddb94c93c38ae7481242568eafb3886

  • SHA256

    2eb5468580acea73cf5fa720482889c9ee87488f1ca6032924a30ab403aeca29

  • SHA512

    5f32485504b116a8a678d05fb156e2a55fd380d3a8dee1b9e4955ed35364ca2dd844a989aed340b111a60b5c4574acdfabbe580b2a4d65660f4ddf0c1ec6f3ae

  • SSDEEP

    384:W6C5SYpuESCgvATWe64rbd8w4m8wC5C3NJ:W6n0Sa+Id8HC3z

Score
9/10

Malware Config

Signatures

  • Detects executables built or packed with MPress PE compressor 3 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2eb5468580acea73cf5fa720482889c9ee87488f1ca6032924a30ab403aeca29.exe
    "C:\Users\Admin\AppData\Local\Temp\2eb5468580acea73cf5fa720482889c9ee87488f1ca6032924a30ab403aeca29.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4720
    • C:\Users\Admin\AppData\Local\Temp\ffengh.exe
      "C:\Users\Admin\AppData\Local\Temp\ffengh.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:3504

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ffengh.exe
    Filesize

    19KB

    MD5

    ef0a18ca1370f906b9687f2d5145a540

    SHA1

    86fa5d7570adf81606b7f78442ffe81d97c6eebb

    SHA256

    a79fafb5596b76b42694b375e223f723abb07a777a7fb429bb2f6c7cbed760df

    SHA512

    747831ca0fa36ed788362bbf63e2fb4db75c9498b4b9fbcabbb99fa1a5bc03643270abd6ef4937662a62cc98f63a5634f6dec5916d21084f528776810bd3b6bc

    Download Submit

  • memory/3504-9-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4720-0-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download