Overview

overview

10

Static

static

3

d1c409e280...b5.exe

windows7-x64

10

d1c409e280...b5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-04-2024 02:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d1c409e28026518d22db127f2c63a208db6fe271241bc21214511a3935b561b5.exe

  • Size

    36KB

  • MD5

    aed727cbc9903eda6852b963ac3e4702

  • SHA1

    2055275640f96641fafb6aebd94ec0d85f240d70

  • SHA256

    d1c409e28026518d22db127f2c63a208db6fe271241bc21214511a3935b561b5

  • SHA512

    ab204a12a0961fbc2b423cd5c5f3202d7ad478d93c66d3ce7e876442e57125aea3a57715232a79bbc61e40a9e245f01f07eeab6ec1bb8f3d8954a75375ce2c91

  • SSDEEP

    768:9qSqC8+N5ozQQRncwxWmNXMX3cX8wtgg/X/zCtgcgCEX8u/vSXrXrXrXrXrXyuwU:9rqfzQQRamN88Fr277777RwU

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d1c409e28026518d22db127f2c63a208db6fe271241bc21214511a3935b561b5.exe
    "C:\Users\Admin\AppData\Local\Temp\d1c409e28026518d22db127f2c63a208db6fe271241bc21214511a3935b561b5.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\Program Files (x86)\e41e0ae5\jusched.exe
      "C:\Program Files (x86)\e41e0ae5\jusched.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2200

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\e41e0ae5\e41e0ae5
    Filesize

    13B

    MD5

    f253efe302d32ab264a76e0ce65be769

    SHA1

    768685ca582abd0af2fbb57ca37752aa98c9372b

    SHA256

    49dca65f362fee401292ed7ada96f96295eab1e589c52e4e66bf4aedda715fdd

    SHA512

    1990d20b462406bbadb22ba43f1ed9d0db6b250881d4ac89ad8cf6e43ca92b2fd31c3a15be1e6e149e42fdb46e58122c15bc7869a82c9490656c80df69fa77c4

    Download Submit

  • C:\Program Files (x86)\e41e0ae5\jusched.exe
    Filesize

    36KB

    MD5

    d45ba1736e88b8a2e6942a2fe0bb8e59

    SHA1

    aff3126264b575607c892bf0ce37985a83b17f47

    SHA256

    bf8f711942ed21ef8484a47484d67304559406b3baca50b0ed2ace7ce699690e

    SHA512

    54b0036c0e4486c00de37c0b297ca0ee58f0ea2fa2764eddd01f9672f8d2784c3127ffa25af9cd9124eb020927f1f486fe66f72cdda0fdbf2862ca1aaecb47a4

    Download Submit

  • memory/2036-0-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download

  • memory/2036-5-0x0000000000490000-0x0000000000493000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2036-4-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download

  • memory/2036-1-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download

  • memory/2036-15-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download

  • memory/2200-16-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download

  • memory/2200-19-0x0000000000670000-0x0000000000673000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2200-20-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download

  • memory/2200-21-0x0000000000670000-0x0000000000673000-memory.dmp

    Filesize

    12KB

    Download