Overview

overview

10

Static

static

10

d5c62e521f...f9.exe

windows7-x64

10

d5c62e521f...f9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    32s
  • max time network
    54s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-04-2024 16:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d5c62e521f44e5fc7bc80dd61a163e86405eae49dbbc9101aad6b6261b79abf9.exe

  • Size

    31KB

  • MD5

    a5ad2d1796744144d739569bb466b307

  • SHA1

    42de0164c8cbd9b6c64100de720d2e0c49ebcb77

  • SHA256

    d5c62e521f44e5fc7bc80dd61a163e86405eae49dbbc9101aad6b6261b79abf9

  • SHA512

    45fa09478a871a75f4650a56529632bfddf93990819c6d5212753325305a7946c631076897b13e62297136ae26db064fef701dea23453ea504b4c2517d5e74b9

  • SSDEEP

    384:c8LBBi/W/7mgEp87wYK2GePqZhbM2AQk93vmhm7UMKmIEecKdbXTzm9bVhcaO6fd:5W/sqoHT2A/vMHTi9bD/Qz1n

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5c62e521f44e5fc7bc80dd61a163e86405eae49dbbc9101aad6b6261b79abf9.exe
    "C:\Users\Admin\AppData\Local\Temp\d5c62e521f44e5fc7bc80dd61a163e86405eae49dbbc9101aad6b6261b79abf9.exe"
    1⤵
    • Checks computer location settings
    • Drops startup file
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4160
    • C:\Users\Admin\AppData\Local\Temp\Payload.exe
      "C:\Users\Admin\AppData\Local\Temp\Payload.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      PID:1900
    • C:\Windows\SysWOW64\attrib.exe
      attrib +h +r +s "C:\Users\Admin\AppData\Local\Temp\Payload.exe"
      2⤵
      • Views/modifies file attributes
      PID:2880

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Payload.exe
    Filesize

    31KB

    MD5

    a5ad2d1796744144d739569bb466b307

    SHA1

    42de0164c8cbd9b6c64100de720d2e0c49ebcb77

    SHA256

    d5c62e521f44e5fc7bc80dd61a163e86405eae49dbbc9101aad6b6261b79abf9

    SHA512

    45fa09478a871a75f4650a56529632bfddf93990819c6d5212753325305a7946c631076897b13e62297136ae26db064fef701dea23453ea504b4c2517d5e74b9

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk
    Filesize

    1KB

    MD5

    2ff3035e52abdef022e25f5bfd28b637

    SHA1

    418c2065745be959bb96c56068db09c0412753a4

    SHA256

    df6569f9d04dff790fdced8ecc28767dad34a2c9eeba5e8b99c5f98fb9833e98

    SHA512

    c65460e547305dc20e82fdd627826a5b14e9d91daaa829b1831be55ccdc10acf533c7845319dbe22dd5ebaef809721f8dc1c1e72fe92a516b3991879e4fed521

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Windows.lnk
    Filesize

    1KB

    MD5

    0b633d2de4ad538bde739f85f18b2ae2

    SHA1

    223ce374368ee774e2f51f203c77a3e7bcf659c8

    SHA256

    a440a2c4a021020efac85703115a1a5e43c74b1d67bbf505b6b35e320cfe5958

    SHA512

    2671eb8a2011f35c8bdd2e3092db777b45bc77d9d31e5ccc51c4e10cd1b3aa0a745553a76961140e904fcd5198a855ca698dd40c3e8e2a7e9c8ab330f439f0cc

    Download Submit

  • memory/1900-16-0x0000000074E00000-0x00000000753B1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1900-17-0x0000000000B70000-0x0000000000B80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1900-22-0x0000000074E00000-0x00000000753B1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4160-0-0x0000000074E00000-0x00000000753B1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4160-1-0x0000000074E00000-0x00000000753B1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4160-2-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4160-6-0x0000000074E00000-0x00000000753B1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4160-14-0x0000000074E00000-0x00000000753B1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4160-23-0x0000000074E00000-0x00000000753B1000-memory.dmp

    Filesize

    5.7MB

    Download