Overview

overview

7

Static

static

3

10f283a5c0...80.exe

windows7-x64

7

10f283a5c0...80.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/05/2024, 18:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    10f283a5c051799796440ab7b97583dc4175ad63e8ce2803cc1786ceec10c180.exe

  • Size

    17KB

  • MD5

    b517d3393e485617d7fc81162cbaf96b

  • SHA1

    0e99d2afa8077f4c28787710b2c3c0b0d2a177e2

  • SHA256

    10f283a5c051799796440ab7b97583dc4175ad63e8ce2803cc1786ceec10c180

  • SHA512

    e36474930439d7691d08db5050b2efca2e7bbfc348c4094777ad304aaa5cd171c6ca5b24810ab15f984fd0020e8402b1c98cc4b149137f337436c88ad438eb29

  • SSDEEP

    192:kRQ9GnwR2M5AHrzjR3OmaFA0Kz649M3Q9aXqjU6Fowfugi:LcnwR2M50zV4LKJ9MyUTCE

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\10f283a5c051799796440ab7b97583dc4175ad63e8ce2803cc1786ceec10c180.exe
    "C:\Users\Admin\AppData\Local\Temp\10f283a5c051799796440ab7b97583dc4175ad63e8ce2803cc1786ceec10c180.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4048
    • C:\Users\Admin\AppData\Local\Temp\hromi.exe
      "C:\Users\Admin\AppData\Local\Temp\hromi.exe"
      2⤵
      • Executes dropped EXE
      PID:1516

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\hromi.exe
          Filesize

          17KB

          MD5

          db555bd48b18c0ef48423c8985e52be7

          SHA1

          12f2bc40442bcde7ba4da2d854fa7129c9a706c3

          SHA256

          aa3cb529a4d9b766efa396a56152839fa7f26798a492748c9f5e48d0b02cc991

          SHA512

          8d3aa929c05a4c3f5d577afa603a5c1967bcf9e4012d93b46e5e8ce54f344128c04f0a4d9a261fb30c0bbf9ee3a2ff312cdceca22bddc403bcc2a3f076cae9b1

          Download Submit

        • memory/4048-1-0x0000000000400000-0x0000000000407000-memory.dmp

          Filesize

          28KB

          Download