Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/04/2024, 05:15

General

  • Target

    4d9b176b2ffc7f8e53fc592517cb84da8da6d122d8c1e0fac1c7eb4bce39e9bf.exe

  • Size

    1.6MB

  • MD5

    7d0e2b46361001d7ae70743c786387d2

  • SHA1

    8e1445c713fd428030136a950f35a1590e12baa0

  • SHA256

    4d9b176b2ffc7f8e53fc592517cb84da8da6d122d8c1e0fac1c7eb4bce39e9bf

  • SHA512

    e87da458fd7e60212d42d50046dba97405e56e01c6eacac5321ed87ee9bcdd58c2e492fa0bd86b3ef08291973731371031fce5ec1f63404d04a76923d88f8847

  • SSDEEP

    49152:j5219/B28j5219/BUtTziWgc01sOvrMlg:jG952YG95UtTGWE1sGgg

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 3 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 16 IoCs
  • Suspicious use of WriteProcessMemory 46 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d9b176b2ffc7f8e53fc592517cb84da8da6d122d8c1e0fac1c7eb4bce39e9bf.exe
    "C:\Users\Admin\AppData\Local\Temp\4d9b176b2ffc7f8e53fc592517cb84da8da6d122d8c1e0fac1c7eb4bce39e9bf.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4732
    • C:\Users\Admin\AppData\Local\Temp\Addon\Arquivos de Programas\Adicionais\SUPORTE.exe
      "C:\Users\Admin\AppData\Local\Temp\Addon\Arquivos de Programas\Adicionais\SUPORTE.exe"
      2⤵
      • Executes dropped EXE
      PID:2056
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Addon\Arquivos de Programas\Adicionais\PRIVATE-USER.cmd" "
      2⤵
      • Drops file in Drivers directory
      • Suspicious use of WriteProcessMemory
      PID:5040
      • C:\Windows\system32\cacls.exe
        "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
        3⤵
        PID:2220
        • C:\Windows\system32\attrib.exe
          attrib -r C:\Windows\system32\drivers\etc\hosts
          3⤵
          • Drops file in Drivers directory
          • Views/modifies file attributes
          PID:4320
        • C:\Windows\system32\attrib.exe
          attrib +r C:\Windows\system32\drivers\etc\hosts
          3⤵
          • Drops file in Drivers directory
          • Views/modifies file attributes
          PID:2944
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Addon\Arquivos de Programas\Adicionais\ACTIVATED.bat" "
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2440
        • C:\Windows\system32\mode.com
          mode con: cols=80 lines=10
          3⤵
          PID:2672
          • C:\Windows\system32\timeout.exe
            timeout /t 1 /nobreak
            3⤵
            • Delays execution with timeout.exe
            PID:1532
          • C:\Windows\system32\timeout.exe
            timeout /t 1 /nobreak
            3⤵
            • Delays execution with timeout.exe
            PID:1568
          • C:\Windows\system32\timeout.exe
            timeout /t 1 /nobreak
            3⤵
            • Delays execution with timeout.exe
            PID:2260
          • C:\Windows\system32\timeout.exe
            timeout /t 1 /nobreak
            3⤵
            • Delays execution with timeout.exe
            PID:4552
          • C:\Windows\system32\timeout.exe
            timeout /t 1 /nobreak
            3⤵
            • Delays execution with timeout.exe
            PID:5112
          • C:\Windows\system32\timeout.exe
            timeout /t 1 /nobreak
            3⤵
            • Delays execution with timeout.exe
            PID:2268
          • C:\Windows\system32\timeout.exe
            timeout /t 1 /nobreak
            3⤵
            • Delays execution with timeout.exe
            PID:2612
          • C:\Windows\system32\timeout.exe
            timeout /t 1 /nobreak
            3⤵
            • Delays execution with timeout.exe
            PID:4448
          • C:\Windows\system32\timeout.exe
            timeout /t 1 /nobreak
            3⤵
            • Delays execution with timeout.exe
            PID:4688
          • C:\Windows\system32\timeout.exe
            timeout /t 1 /nobreak
            3⤵
            • Delays execution with timeout.exe
            PID:1980
          • C:\Windows\system32\timeout.exe
            timeout /t 1 /nobreak
            3⤵
            • Delays execution with timeout.exe
            PID:4308
          • C:\Windows\system32\timeout.exe
            timeout /t 1 /nobreak
            3⤵
            • Delays execution with timeout.exe
            PID:3396
          • C:\Windows\system32\timeout.exe
            timeout /t 1 /nobreak
            3⤵
            • Delays execution with timeout.exe
            PID:4980
          • C:\Windows\system32\timeout.exe
            timeout /t 1 /nobreak
            3⤵
            • Delays execution with timeout.exe
            PID:1484
          • C:\Windows\system32\timeout.exe
            timeout /t 1 /nobreak
            3⤵
            • Delays execution with timeout.exe
            PID:4524
          • C:\Windows\system32\timeout.exe
            timeout /t 3
            3⤵
            • Delays execution with timeout.exe
            PID:1044

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Addon\Arquivos de Programas\Adicionais\ACTIVATED.bat
    Filesize
    641B
    MD5
    d6ac638f591dba96bbf9e33faf401f29
    SHA1
    42631098992a88920732cbc9eee0ee72d65f84d0
    SHA256
    e8220d84abad5ce2362917f6a0f1a213fc4e65f72c7a5284bbd95cf453175ca0
    SHA512
    d99d185bbaa7b1cc3f9a8ccdc7c63d00db1a309a1d1aff8f8c714acba47432569183acab52187d49abf2c62b2c31fa8cb4c69123344ec80c3f1853ec2b4b064d

  • C:\Users\Admin\AppData\Local\Temp\Addon\Arquivos de Programas\Adicionais\PRIVATE-USER.cmd
    Filesize
    9KB
    MD5
    0c739d0021c968abbd85ac72f1109754
    SHA1
    e4fb728296286bb927e33558d0f70f8d07fda6ac
    SHA256
    9057f37af86063ffc0d4c553e418f25888090ed6be97790f46556626edfc698b
    SHA512
    ff45765783d7bbf63a44dd853373d93df7676afd5c36e9bd74b746ce92c365a66cc8ba356536c96262e2a9181e9331cf87f34e2ad94795501f18295c211feead

  • C:\Users\Admin\AppData\Local\Temp\Addon\Arquivos de Programas\Adicionais\SUPORTE.exe
    Filesize
    1.2MB
    MD5
    2aca419a8e43750a77ca1d46ebcfcc5d
    SHA1
    3786bb3f69504d9eff9ad12999603fc5e2922a84
    SHA256
    8ab9aee1ae70e86d6f9945e84310bc8a21c262535db4c09201eab814731f6a41
    SHA512
    f61cfc7951d4ed0478e3670b8f4e72600e20ddb85a6a40a2f2b0d633aa76208ddf5581f9caa655ea1a98a9f7e1643c538c3b32daa9318b8800c83f2cfc8b494a

  • C:\Windows\system32\drivers\etc\hosts
    Filesize
    8KB
    MD5
    246299d2385306132314f36346f0a642
    SHA1
    825b9b675bcb1f991be778c429ab1bcdb26ba832
    SHA256
    149640bff7e404334999f040576ea3dbebee0e3203ac761898591669c305e88a
    SHA512
    6239fd5820cc365a8842073c836e24a8fe92843e538bea876fd61da389e79031582e1a7bc26d92ae20fce535961ad63184cda2f4267cce5d1feb1b857a29fc63