Overview

overview

10

Static

static

10

635fdcbf5c...1b.exe

windows7-x64

9

635fdcbf5c...1b.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    114s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-05-2024 22:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    635fdcbf5c3af871066c640ee1172b8847d4ab2f7fe081ae04012c27b24fb01b.exe

  • Size

    98KB

  • MD5

    bab87e3761d3cc3079799caa1a3639ef

  • SHA1

    dcaf1cae0c2edd9754e7e5234a2b9947923628e5

  • SHA256

    635fdcbf5c3af871066c640ee1172b8847d4ab2f7fe081ae04012c27b24fb01b

  • SHA512

    0f7e2a6eb59587d0c456b20eec54ff8ae39329291f36383342db21584eead07ce28ce7b0c17422572d3ecc19c56815023395aa2aa1bad36daf71a1ed6f0bfd1e

  • SSDEEP

    768:dxDDnyAiIbhn+oRTaFSxjORUh6EDFAnAL+7DUdjaYoCMHosadujaOnNP0mPefoCK:dxDDnd1RaqOrsdSCM+qvGDg1W+DQ6Ke

Score
9/10

Malware Config

Signatures

  • Detects executables built or packed with MPress PE compressor 5 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\635fdcbf5c3af871066c640ee1172b8847d4ab2f7fe081ae04012c27b24fb01b.exe
    "C:\Users\Admin\AppData\Local\Temp\635fdcbf5c3af871066c640ee1172b8847d4ab2f7fe081ae04012c27b24fb01b.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe
      "C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe"
      2⤵
      • Executes dropped EXE
      PID:3496

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe
    Filesize

    98KB

    MD5

    e287ca03bf650427539eeb01a5868446

    SHA1

    f2775c0a3ffd7fc662c16a9014161920290d8861

    SHA256

    6f2f6c6bb1639c4773c1a9a3bb5b3960e68543106852fd85fec5b1a07d675037

    SHA512

    e7f9c4a07b326ee5817717eb68f95f6bd9d77cf8a1f28e9d69c9a72af7aff85f850e2d68e80ca0f7fe949aaac01d981cceab8c5db712d41c9b96ece5a06380d4

    Download Submit

  • memory/3012-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3012-2-0x0000000002060000-0x0000000002064000-memory.dmp

    Filesize

    16KB

    Download

  • memory/3012-12-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3496-10-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3496-11-0x00000000020E0000-0x00000000020E4000-memory.dmp

    Filesize

    16KB

    Download

  • memory/3496-13-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download