Analysis

  • max time kernel
    143s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/06/2024, 01:02

General

  • Target

    4ea367e656c4ba8bafb5dc9d368f3ce4.exe

  • Size

    40KB

  • MD5

    4ea367e656c4ba8bafb5dc9d368f3ce4

  • SHA1

    ecfbc925e391eec18d68915382fb1d5b0feac387

  • SHA256

    ef756a8ddd2c014ee73eb30f5a9ccbd1d70111c785e065d05d0f1750e148fd50

  • SHA512

    e1375c82af5844fcace3ba5c847f478f20b60cbb9ad705137b6a784681708e4586e6f432071b33ec67eecfb6f6f2d37489f8f7c554721b8bca2eff5d4441daae

  • SSDEEP

    768:q7PdFecFS5agQtOOtEvwDpjeMLZdzuqpXsiE8Wq/DpkITY//:qDdFJy3QMOtEvwDpjjWMl7T2

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ea367e656c4ba8bafb5dc9d368f3ce4.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea367e656c4ba8bafb5dc9d368f3ce4.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3456
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:4456
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2224

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\asih.exe

            Filesize

            40KB

            MD5

            1359f2923906861cf2deeb280afe4130

            SHA1

            f85564cee0165fe4dadf9dff5ed578247c5b6f80

            SHA256

            5627f10e8ff1ccc74611ade4796c66e23d70b030926735133c52071171c6fede

            SHA512

            0ee684a491a614397697ad2e60f5895a7c5e3a05f119647d4d984150a26874762bf3231b91f8b073587eb1fc8c5f5cc6cb3a3adea68b32ad44774d26622d3a85

          • memory/3456-0-0x0000000000500000-0x0000000000510000-memory.dmp

            Filesize

            64KB

          • memory/3456-1-0x00000000007B0000-0x00000000007B6000-memory.dmp

            Filesize

            24KB

          • memory/3456-2-0x00000000007B0000-0x00000000007B6000-memory.dmp

            Filesize

            24KB

          • memory/3456-3-0x00000000007D0000-0x00000000007D6000-memory.dmp

            Filesize

            24KB

          • memory/3456-14-0x0000000000500000-0x0000000000510000-memory.dmp

            Filesize

            64KB

          • memory/4456-18-0x0000000000500000-0x0000000000510000-memory.dmp

            Filesize

            64KB

          • memory/4456-21-0x00000000004D0000-0x00000000004D6000-memory.dmp

            Filesize

            24KB

          • memory/4456-22-0x0000000000510000-0x0000000000516000-memory.dmp

            Filesize

            24KB

          • memory/4456-28-0x0000000000500000-0x0000000000510000-memory.dmp

            Filesize

            64KB